General
-
Target
4f112f651b8025db019ae8089a8d591a_JaffaCakes118
-
Size
253KB
-
Sample
241016-z399tawhmj
-
MD5
4f112f651b8025db019ae8089a8d591a
-
SHA1
17a81f254644dc7cb89739d0789de51bddf7365d
-
SHA256
f8fcdb7600d274e4bfbcc4cea1a3484b917956f343fd05c5a3488b5d72dbef8e
-
SHA512
93fae5fd976fdb22c9acf93918e04d7f0eeab0f9476e0d22b432f4e4e0b344f89a5a32cd97998289efac5c8c59b65c9d27d4a8cb322f36962557f023d1fca21c
-
SSDEEP
6144:4VFNCNrUiyArOqLVA97qxKD/diPo1S11WXTjiBHk95:UN0UOrXZA97PD/dwWKBHk95
Behavioral task
behavioral1
Sample
4f112f651b8025db019ae8089a8d591a_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4f112f651b8025db019ae8089a8d591a_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
4f112f651b8025db019ae8089a8d591a_JaffaCakes118
Score
10/10
-
Suspicious use of NtCreateProcessOtherParentProcess
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.