66ce03644b625a1abcfd88763a282e07a0513acb8a3b243a2308e8fd4aa183b3

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4147a43d56eba0d96323ab1aab630c2f_JaffaCakes118.exe
Size

145KB
MD5

4147a43d56eba0d96323ab1aab630c2f
SHA1

3b384a83922e6fb346b23cffb63d56e587cf36d0
SHA256

66ce03644b625a1abcfd88763a282e07a0513acb8a3b243a2308e8fd4aa183b3
SHA512

c30d20c5946e94c3506638b6ce1a8da829eb6a83bb8a18c10eeaf30f7c98524df8793ab902f6115bc06a62524e11a93fc30bcca8a56f64ab951cb6cef6af0323
SSDEEP

3072:FPOOatFypNePpqFbvo1PWwjcFC19aFWB:FPOOSMqP71

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1224	4147a43d56eba0d96323ab1aab630c2f_JaffaCakes118.exe
1224	4147a43d56eba0d96323ab1aab630c2f_JaffaCakes118.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	4147a43d56eba0d96323ab1aab630c2f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4147a43d56eba0d96323ab1aab630c2f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4147a43d56eba0d96323ab1aab630c2f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4147a43d56eba0d96323ab1aab630c2f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:1224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GetDiskSerial.dll

Filesize
94KB

MD5
63f50437da8204d95ebe670306e8163b

SHA1
811593f22de2408e8381493aa4774e372cf115f5

SHA256
8309a798747ef436e518a1be25e09a8fe05110deb2c1506c94a854a31d827df6

SHA512
8933bd4cb28c69e4e3717f8e4bacefa7689e61804c959e083c6b2e1e770b05052136392eb974a8415a2a95508ee9ec3ae4016d92a1fdb0ecdebd379e2edb81ab

Download Submit
memory/1224-0-0x0000000074A22000-0x0000000074A23000-memory.dmp

Filesize
4KB

Download
memory/1224-1-0x0000000074A20000-0x0000000074FD1000-memory.dmp

Filesize
5.7MB

Download
memory/1224-2-0x0000000074A20000-0x0000000074FD1000-memory.dmp

Filesize
5.7MB

Download
memory/1224-7-0x0000000008E90000-0x0000000008EAC000-memory.dmp

Filesize
112KB

Download
memory/1224-10-0x0000000074A22000-0x0000000074A23000-memory.dmp

Filesize
4KB

Download
memory/1224-11-0x0000000074A20000-0x0000000074FD1000-memory.dmp

Filesize
5.7MB

Download
memory/1224-12-0x0000000008E90000-0x0000000008EAC000-memory.dmp

Filesize
112KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads