Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/08/2024, 01:23
General
-
Target
a4d71b6add265afc1f2942376941726a_JaffaCakes118.exe
-
Size
456KB
-
MD5
a4d71b6add265afc1f2942376941726a
-
SHA1
b7d74b3b951f01c283c4306e17c3fb74d0ef72e6
-
SHA256
13c1bff705e439ca4b2f3d2cd8d02f0d2c4473d860e8843fc73a860861b80fa7
-
SHA512
13351b6e7d2dd6c6a4c7ab77c461e7d1a6b671162ea0f0be39515f96ca344e522e757dda51737dffd604c800e9f915ef361eb5ac03f4de027a3c886b3319dca2
-
SSDEEP
12288:G2XSDq+Bxx2/EvyMS4stmTgKxglQRo0ZOTr1em9S:GXD0EvyxIT9xg3TrM4S
Malware Config
Signatures
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a4d71b6add265afc1f2942376941726a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a4d71b6add265afc1f2942376941726a_JaffaCakes118.exe"1⤵
- Checks BIOS information in registry
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx