Overview

overview

6

Static

static

3

bf7d41b72b...18.exe

windows7-x64

6

bf7d41b72b...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    0s
  • max time network
    4s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    24-08-2024 21:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf7d41b72bc242468461fa098592990a_JaffaCakes118.exe

  • Size

    149KB

  • MD5

    bf7d41b72bc242468461fa098592990a

  • SHA1

    368ebdb322adbc23b45d880036a19b6b6a34c28e

  • SHA256

    babfb39be1e3bd306e289e02ddbfac95e5a4c84a6fdbf3aa914925d1b63d22b7

  • SHA512

    8584843ed101d75e765ae073936ef349d9b0dbd53a26ddefea40f45bfb0d3010ee22c5261c2f4b14b4eb165763ac392cb8fec5cdec4d0ba1108a81357f8b026d

  • SSDEEP

    3072:dxcaNnKlZbaPmakqBhDvyztgPq+ettVHOwOx6LL9UG3oH+OR5/I:drJKrba6qBNyqyHtVmx4Z0/

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf7d41b72bc242468461fa098592990a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bf7d41b72bc242468461fa098592990a_JaffaCakes118.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    PID:2436

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2436-0-0x0000000000430000-0x0000000000453000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2436-1-0x0000000000404000-0x0000000000405000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2436-2-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download