8081cbde2dc6ed5829c7dae40f4932a0b61f4b70395c75d562652c85bf770eab

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 22:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe
Size

137KB
MD5

f6fd516b8b43d733c08913f26fd1f581
SHA1

05addcbe651511a98ed1963621a6ce5edaef24b6
SHA256

8081cbde2dc6ed5829c7dae40f4932a0b61f4b70395c75d562652c85bf770eab
SHA512

7bbecbfee4090df58a912fd900e0ee2ce7cefd76917c9ea4a5895415ecf4d7931114909ebdd7eb48318e7071b61c24b4faab643e6744f22ea8ab21a2c0896073
SSDEEP

3072:8J2IncTCVYbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7beH:886cTK2wvP6bQ7yMP+DE827CH

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mprmsgse.axz	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38}	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38}\dlloadtime = "1727303833"	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38}\mac = "5E-E0-1B-AF-E0-73"	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38}\dlt = "1727303833"	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38}\dlnmi = "1727303833"	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f6fd516b8b43d733c08913f26fd1f581_JaffaCakes118.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1732-0-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1732-1-0x00000000001E0000-0x0000000000210000-memory.dmp

Filesize
192KB

Download
memory/1732-57-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/1732-56-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/1732-55-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/1732-54-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/1732-53-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/1732-52-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/1732-51-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/1732-50-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/1732-49-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/1732-48-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/1732-47-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/1732-46-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/1732-45-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/1732-44-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/1732-43-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/1732-42-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/1732-41-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/1732-40-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/1732-39-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/1732-38-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1732-37-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/1732-36-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1732-35-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/1732-34-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/1732-33-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/1732-32-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/1732-31-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/1732-30-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/1732-29-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/1732-28-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/1732-27-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/1732-26-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/1732-25-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/1732-24-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/1732-23-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/1732-22-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/1732-21-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/1732-20-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/1732-19-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/1732-18-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/1732-17-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/1732-16-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/1732-15-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/1732-14-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/1732-13-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/1732-12-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/1732-11-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/1732-10-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/1732-9-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/1732-8-0x00000000020F0000-0x00000000020F1000-memory.dmp

Filesize
4KB

Download
memory/1732-7-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1732-6-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1732-5-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1732-4-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1732-3-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1732-2-0x00000000002D0000-0x00000000002D2000-memory.dmp

Filesize
8KB

Download
memory/1732-64-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1732-63-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/1732-62-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/1732-61-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/1732-60-0x0000000002800000-0x0000000002801000-memory.dmp

Filesize
4KB

Download
memory/1732-59-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/1732-66-0x0000000002E80000-0x0000000002E81000-memory.dmp

Filesize
4KB

Download
memory/1732-65-0x0000000002E90000-0x0000000002E91000-memory.dmp

Filesize
4KB

Download
memory/1732-76-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/1732-75-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/1732-74-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/1732-73-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/1732-72-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/1732-71-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1732-69-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/1732-68-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/1732-67-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/1732-77-0x00000000001E0000-0x0000000000210000-memory.dmp

Filesize
192KB

Download
memory/1732-78-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads