440de5c3ce1c9cf276516354babcae98f726b2f6a16d747f5ca2154b0e450410

Analysis

max time kernel
2s
max time network
7s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

52bcb68bd9014fb692a49b610635c2a9_JaffaCakes118.exe
Size

529KB
MD5

52bcb68bd9014fb692a49b610635c2a9
SHA1

f93b41ee9b979e25903948dc939af3e0711eb751
SHA256

440de5c3ce1c9cf276516354babcae98f726b2f6a16d747f5ca2154b0e450410
SHA512

9feedd8762dd3e6d3069e9bfcae5b26b0cc0e8bf6a377cec07c4e2a5132ca5d5814b0a66db52711a521401ab02d3caa49b38f7ad47d0fda45f401d0c73c7696d
SSDEEP

12288:H30ur0KrSJ/Q00FxSP0yr+oJ+MH8rsHpd6JOCi:Nr0raxFQP03a9HP6Fi

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	52bcb68bd9014fb692a49b610635c2a9_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2820	52bcb68bd9014fb692a49b610635c2a9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\52bcb68bd9014fb692a49b610635c2a9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\52bcb68bd9014fb692a49b610635c2a9_JaffaCakes118.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2820-3-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/2820-2-0x00000000002B0000-0x000000000031B000-memory.dmp

Filesize
428KB

Download
memory/2820-1-0x0000000002DA0000-0x0000000002EA0000-memory.dmp

Filesize
1024KB

Download
memory/2820-4-0x0000000000400000-0x0000000002D12000-memory.dmp

Filesize
41.1MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads