Analysis
max time kernel: 140s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/10/2024, 23:17

Static task: static1
Behavioral task: behavioral1
Sample: 4f8f4837532efeaea3e91ca74b464a30_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 4f8f4837532efeaea3e91ca74b464a30_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 4f8f4837532efeaea3e91ca74b464a30_JaffaCakes118.exe
Size: 114KB
MD5: 4f8f4837532efeaea3e91ca74b464a30
SHA1: 53c7a8aaae2f3c55cf9550de5ba4663e001f667d
SHA256: 6480fbf1471d7e15eee5c76993e1c05de0e81c5f522d12ef7efaa3a33df03b62
SHA512: bd4beb10c0c8d9602b9da66df37f003ca79d7ab94f3f93de8d8513947523fd8bea36ef38f1836a1451f362394f9b1140cfeb818cf80d02a56a31f85dd13c1350
SSDEEP: 3072:RIaKpjmptbfyAdwdzYM+erE9NYrbAV0p:tppfCYx9NYrb
Malware Config
Signatures
Unexpected DNS network traffic destination 10 IoCs
Network traffic to servers other than the configured DNS servers was detected on the DNS port (53). This is DNS-port traffic that bypasses the resolver the sandbox VM was configured with; the five distinct addresses below each appear twice in the capture.
description: Destination IP
ioc:
207.188.7.5
210.174.204.115
207.188.7.5
210.103.175.1
210.144.5.163
210.144.5.163
210.174.204.115
62.151.20.7
210.103.175.1
62.151.20.7
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system. The IoC recorded here is the raw-disk handle (\??\PhysicalDrive0) opened with write access, which is the prerequisite for overwriting sector 0; to confirm that the MBR was actually changed, compare the first 512 bytes of the disk image before and after execution.
description: File opened for modification
ioc: \??\PhysicalDrive0
Process: 4f8f4837532efeaea3e91ca74b464a30_JaffaCakes118.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host. Malware commonly uses this check to avoid executing on hosts in the author's home region.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 4f8f4837532efeaea3e91ca74b464a30_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 20 IoCs
pid: 560
Process: 4f8f4837532efeaea3e91ca74b464a30_JaffaCakes118.exe (20 identical IoCs, all from this PID)
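The three behavioral signatures above, and the DNS signature, can be re-derived from a raw sandbox event stream. The following is an added example written for this page, not the sandbox's own detection code: the event records are constructed to mirror this report's IoCs, the field names (`dst`, `dport`, `path`, `access`, `key`, `api`) are assumed, the configured resolver 8.8.8.8 is a placeholder for whatever the sandbox VM actually uses, and the two 512-byte disk images used for the MBR check are constructed to show the before/after comparison the caveat calls for.

```python
"""Re-derive the report's signatures from a sandbox event stream (added example).

All events below are constructed to mirror the report's IoCs; the field names,
the configured resolver and the MBR images are assumptions for illustration.
"""
import re
from collections import Counter

SAMPLE = "4f8f4837532efeaea3e91ca74b464a30_JaffaCakes118.exe"
CONFIGURED_DNS = {"8.8.8.8"}  # assumption: the sandbox VM's configured resolver

# Constructed network flows: the ten DNS-port destinations from the report plus
# one flow to the configured resolver, which must not be flagged.
FLOWS = [{"proto": "udp", "dst": ip, "dport": 53} for ip in [
    "207.188.7.5", "210.174.204.115", "207.188.7.5", "210.103.175.1",
    "210.144.5.163", "210.144.5.163", "210.174.204.115", "62.151.20.7",
    "210.103.175.1", "62.151.20.7"]]
FLOWS.append({"proto": "udp", "dst": "8.8.8.8", "dport": 53})

# Constructed file, registry and API events attributed to PID 560.
FILE_EVENTS = [
    {"pid": 560, "process": SAMPLE, "op": "open",
     "path": r"\??\PhysicalDrive0", "access": "write"},
    {"pid": 560, "process": SAMPLE, "op": "open",
     "path": r"C:\Windows\System32\kernel32.dll", "access": "read"},
]
REG_EVENTS = [
    {"pid": 560, "process": SAMPLE, "op": "key_open",
     "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
]
API_EVENTS = [{"pid": 560, "process": SAMPLE, "api": "SetWindowsHookExW"}] * 20

RAW_DISK = re.compile(r"^\\\?\?\\PhysicalDrive\d+$", re.IGNORECASE)
NLS_LANGUAGE = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)


def unexpected_dns_destinations(flows, configured=CONFIGURED_DNS):
    """Destinations of DNS-port traffic that bypass the configured resolvers.

    Duplicates are kept so the result matches the report's IoC count."""
    return [f["dst"] for f in flows
            if f["dport"] == 53 and f["dst"] not in configured]


def mbr_write_iocs(file_events):
    """Raw physical-disk handles opened with write access (sector 0 is the MBR)."""
    return [(e["process"], e["path"]) for e in file_events
            if e["op"] == "open" and e["access"] == "write"
            and RAW_DISK.match(e["path"])]


def language_discovery_iocs(reg_events):
    """Opens of the NLS Language key (ATT&CK T1614.001, System Language Discovery)."""
    return [(e["process"], e["key"]) for e in reg_events
            if e["op"] == "key_open" and NLS_LANGUAGE.search(e["key"])]


def hook_calls_by_pid(api_events):
    """Count SetWindowsHookExA/W calls per PID."""
    return Counter(e["pid"] for e in api_events
                   if e["api"].startswith("SetWindowsHookEx"))


def mbr_changed(before: bytes, after: bytes):
    """Compare the first sector of two disk images and name the regions that differ.

    MBR layout: bytes 0-445 bootstrap code, 446-509 four 16-byte partition
    entries, 510-511 the 0x55AA boot signature."""
    if len(before) != 512 or len(after) != 512:
        raise ValueError("pass exactly the first 512 bytes of each image")
    changed = []
    if before[:446] != after[:446]:
        changed.append("bootstrap")
    if before[446:510] != after[446:510]:
        changed.append("partition_table")
    if after[510:] != b"\x55\xaa":
        changed.append("signature_invalid")
    return changed


# Constructed images: a blank MBR, and the same MBR with its bootstrap code
# replaced by a two-byte `jmp $` stub, as a bootkit overwrite would leave it.
BEFORE_MBR = bytes(446) + bytes(64) + b"\x55\xaa"
AFTER_MBR = b"\xeb\xfe" + bytes(444) + bytes(64) + b"\x55\xaa"


if __name__ == "__main__":
    print("unexpected DNS destinations:", unexpected_dns_destinations(FLOWS))
    print("raw-disk write opens:", mbr_write_iocs(FILE_EVENTS))
    print("language discovery:", language_discovery_iocs(REG_EVENTS))
    print("SetWindowsHookEx calls by pid:", dict(hook_calls_by_pid(API_EVENTS)))
    print("MBR regions changed:", mbr_changed(BEFORE_MBR, AFTER_MBR))
```

The DNS function intentionally keeps duplicate destinations so its length matches the "10 IoCs" count, while the unique set is what you would pivot on in threat intelligence. `mbr_changed` is the confirmation step the "Writes to the MBR" signature alone does not give you: the signature fires on the handle open, and only a sector-0 diff shows whether bootstrap code or the partition table was actually altered.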
Processes
C:\Users\Admin\AppData\Local\Temp\4f8f4837532efeaea3e91ca74b464a30_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\4f8f4837532efeaea3e91ca74b464a30_JaffaCakes118.exe"
PID: 560
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx