Overview

overview

7

Static

static

7

ac628d225f...18.exe

windows7-x64

7

ac628d225f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 20:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ac628d225f349cda36e79435b638973a_JaffaCakes118.exe

  • Size

    205KB

  • MD5

    ac628d225f349cda36e79435b638973a

  • SHA1

    353dee1960ccac6c37cc679c6d750476a8c19f51

  • SHA256

    ce290947566ec0d43cfdfb1595786b55725b9af643f31f8dd57b8f2da6ea10e1

  • SHA512

    a744c2c4a9ecda2bd23df6056168a5d1111f05845547def7657a438e63207fe8da04a2725c055e3f2708ecb639bb0d76ef8ce846ebd6e8675fd2f9331d910f7f

  • SSDEEP

    6144:v0hfPqsPFbrBLAxNIKgUgk16yrN64vcpvPW:v0hVPKvlgny8acW

Score
7/10
bootkitdiscoverypersistenceupx

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac628d225f349cda36e79435b638973a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ac628d225f349cda36e79435b638973a_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    PID:3536
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4440,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=3032 /prefetch:8
    1⤵
      PID:5008

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3536-0-0x0000000000400000-0x0000000000475000-memory.dmp

            Filesize

            468KB

            Download

          • memory/3536-11-0x0000000000400000-0x0000000000475000-memory.dmp

            Filesize

            468KB

            Download

          • memory/3536-12-0x0000000000400000-0x0000000000475000-memory.dmp

            Filesize

            468KB

            Download

          • memory/3536-14-0x0000000000400000-0x0000000000475000-memory.dmp

            Filesize

            468KB

            Download

          • memory/3536-15-0x0000000000400000-0x0000000000475000-memory.dmp

            Filesize

            468KB

            Download

          • memory/3536-17-0x0000000000400000-0x0000000000475000-memory.dmp

            Filesize

            468KB

            Download

          • memory/3536-20-0x0000000000400000-0x0000000000475000-memory.dmp

            Filesize

            468KB

            Download