6cf92f7489d93cc2a726457e4b5dcca8c509cb09f72f560358b9244ee27e1671

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 06:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

55f72af5ac777fa61ae3de1b827d2961_JaffaCakes118.exe
Size

831KB
MD5

55f72af5ac777fa61ae3de1b827d2961
SHA1

42e7f6ded924bc6a0301fa5fa2a9669f041791a3
SHA256

6cf92f7489d93cc2a726457e4b5dcca8c509cb09f72f560358b9244ee27e1671
SHA512

e7af623fc3f30bd3e113a162168390c7757d46679dd329665643d1ce4f3f19480297998005bcd5b9cc78e05c1fc1fd107287f956b345235f7c803a04e356076a
SSDEEP

12288:Xny2dqq0Q1a3brTmQjwd8flI23CRma9+G9kIqDrw0Vtez5kTxEHVP8TVyLmg/TU5:iOqHAaqQnIpmFIqDr7mz5kTk8TELT0t

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	55f72af5ac777fa61ae3de1b827d2961_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	55f72af5ac777fa61ae3de1b827d2961_JaffaCakes118.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	55f72af5ac777fa61ae3de1b827d2961_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	55f72af5ac777fa61ae3de1b827d2961_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	55f72af5ac777fa61ae3de1b827d2961_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\55f72af5ac777fa61ae3de1b827d2961_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\55f72af5ac777fa61ae3de1b827d2961_JaffaCakes118.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\controller.ini

Filesize
43B

MD5
299970828c1fc2ec754f3137f2cfc3a6

SHA1
be75ac8b5cf4e32a2590433807d9af5f559a126f

SHA256
49f1465ffe637dc49c9c5c8ac5d4287e9e87deb58f6f1fb299cfcc5cafa5c6c4

SHA512
cb0851cd98c823b788d7d3df494dc3fbceb75e766a50dddd2a696440e18ed8dfc161f3fd0279331c1c715e5b4092a9657b9dd520b7163f8a089bfbceb6db1d4f

Download Submit
memory/2440-7-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/2440-84-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2440-6-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2440-5-0x00000000020B0000-0x00000000020B2000-memory.dmp

Filesize
8KB

Download
memory/2440-3-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/2440-2-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/2440-14-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2440-13-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/2440-12-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/2440-11-0x00000000020F0000-0x00000000020F1000-memory.dmp

Filesize
4KB

Download
memory/2440-10-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2440-0-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2440-4-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/2440-8-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/2440-9-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2440-54-0x0000000000770000-0x00000000007A5000-memory.dmp

Filesize
212KB

Download
memory/2440-55-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/2440-57-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2440-59-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2440-63-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2440-66-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2440-70-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2440-77-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2440-80-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2440-1-0x0000000000770000-0x00000000007A5000-memory.dmp

Filesize
212KB

Download
memory/2440-87-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2440-105-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads