Overview

overview

7

Static

static

3

d9a8e95732...18.exe

windows7-x64

7

d9a8e95732...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/09/2024, 05:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d9a8e95732ab27cf45c542ee25078362_JaffaCakes118.exe

  • Size

    865KB

  • MD5

    d9a8e95732ab27cf45c542ee25078362

  • SHA1

    daa3859744ad48e72b870342561a7f60a0b1faf6

  • SHA256

    8b019539889b3cbdb004b2992861e06ae27681cd9f5c6c1f3505192b682c3ed6

  • SHA512

    264a0fff419ab2f3c6ef19cc6a5781e33cb169ee9f0b6c422f14a321215b8c7d0543f99960f3884d7bed6119994b6cab7d695c6907a58dcc9e7dc7e6359bf2d6

  • SSDEEP

    24576:MIlXYgWOZ61cG5g0TjceqlGz3Yv6FEBuENO9/GX:MIlWOZ6+kJTAlS3Yv6FGNE/GX

Score
7/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9a8e95732ab27cf45c542ee25078362_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d9a8e95732ab27cf45c542ee25078362_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2984

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\otlC590.tmp
          Filesize

          172KB

          MD5

          685f1cbd4af30a1d0c25f252d399a666

          SHA1

          6a1b978f5e6150b88c8634146f1406ed97d2f134

          SHA256

          0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

          SHA512

          6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

          Download Submit

        • \Users\Admin\AppData\Local\Temp\~QQSL_1726030871\dr.dll
          Filesize

          101KB

          MD5

          da0e3c1fc66a44417953181bc405c488

          SHA1

          930be33acabfe5bd404eff8cf2c192afeaf94cf9

          SHA256

          719f5cb5575b0493842a148d888069697afc29f855dbf87889c4535bf9a1f8c6

          SHA512

          35c3cdae776570f2d43f338534ada490a36ee3afa21de470b3831368cb7dbad659b7c698750966c43d0c9e4607001a2505ee1d212a9004fa450a8ee876d1e48c

          Download Submit

        • memory/2984-0-0x0000000000400000-0x00000000004B0000-memory.dmp

          Filesize

          704KB

          Download

        • memory/2984-4-0x0000000000260000-0x00000000002D3000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2984-19-0x0000000000400000-0x00000000004B0000-memory.dmp

          Filesize

          704KB

          Download

        • memory/2984-20-0x0000000000260000-0x00000000002D3000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2984-21-0x0000000000260000-0x00000000002D3000-memory.dmp

          Filesize

          460KB

          Download