Analysis
-
max time kernel
0s -
max time network
0s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
20/08/2024, 01:50
General
-
Target
ad7195653081d0a4ee468fa1cfabde11_JaffaCakes118.exe
-
Size
121KB
-
MD5
ad7195653081d0a4ee468fa1cfabde11
-
SHA1
3b254bca3e43ad429f2add2f01b04bb8ea77a4d1
-
SHA256
0f07954aee96ad175e9c74f35661e0fe7c295fa9cdb3305c83567c3e9fd60fdc
-
SHA512
b4c5d4b9116bc4d466bb3b1808e33c06ce2781d251f9cb1108bd1d232a91e8692def8350ade47903cf809578bec92b3741967ee44c962b0143547cff8c412827
-
SSDEEP
3072:XyvUGRI3wwf+G+sQvwBsh0bb3yxFNEOJOr1:4UaI3JKaXwFNdJO
Score
6/10
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ad7195653081d0a4ee468fa1cfabde11_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ad7195653081d0a4ee468fa1cfabde11_JaffaCakes118.exe"1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136KB