Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
23-11-2024 22:11
Static task
static1
Behavioral task
behavioral1
Sample
90f1bc2840596a48305f7ca1c8fcd974_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
90f1bc2840596a48305f7ca1c8fcd974_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
90f1bc2840596a48305f7ca1c8fcd974_JaffaCakes118.exe
-
Size
686KB
-
MD5
90f1bc2840596a48305f7ca1c8fcd974
-
SHA1
5bbb4830243d7dc35b1352397a2712e6ada98d08
-
SHA256
2ed231243932fc7b90845379d25421be606f2b71655c2e854e62ee25fefb9fbb
-
SHA512
5e6ca41befa456e92a1467a05a3ea8502f17dcc32b44ab30b55f5aee11611410facc615b5e868c2200d9cd9af1e87feaabe4efc29e97f55be984d6dc7710ddb1
-
SSDEEP
12288:3mEBTASggJMutz4hDhFEouFeED0NO3yEU8m/udmipauZZZZ37nvEo8uICH8WQpXi:5BTNJMuJ0NovlbSWcXPQg/ooo3/VMI1p
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
90f1bc2840596a48305f7ca1c8fcd974_JaffaCakes118.exedescription ioc Process File opened for modification \??\PhysicalDrive0 90f1bc2840596a48305f7ca1c8fcd974_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
90f1bc2840596a48305f7ca1c8fcd974_JaffaCakes118.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 90f1bc2840596a48305f7ca1c8fcd974_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
293B
MD563781cc25c19aa019c11836995cd6d75
SHA104dd038cadc82e63083e8a880cab04af9ee6d68f
SHA2564787aab2092773a86afe852d5c77dca17a7a2eddaf9172ec5f15afa3484a6c32
SHA51295f8b4dd2dd55922e1610ad980770442b274eafc1f310b0f13dec01d9c182917ee372e89d8b7aabe38a193e32cc2ddf5a7a047760c2832bd2afd90d600948025