Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26-11-2024 00:15
General
-
Target
9ebc485bce1398a6040aef3744757167_JaffaCakes118.exe
-
Size
375KB
-
MD5
9ebc485bce1398a6040aef3744757167
-
SHA1
acd1a3b61a0f3119a7fbc96c7a094c2d23f57440
-
SHA256
c92e401ecc92529ff3dc397a515cdf1d0804f22745fd8c482b73dc4ebad0f43d
-
SHA512
cef04cedba177c3dfdc4695a9a582fe95517957bfa55a21f17c3518074478351401880cc338a14e0512996c78dfa5b31a58fbe7e4ceb414da3ba71c528fb32ae
-
SSDEEP
6144:xZ3aLmcqJeNrSzb5vGpAjfj5aoaJkWsrB6Nj6jaxQRbjG80wpS+sBIW:xi7qUpCb5eCfoo6nR6uUNS+
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9ebc485bce1398a6040aef3744757167_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9ebc485bce1398a6040aef3744757167_JaffaCakes118.exe"1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\9ebc485bce1398a6040aef3744757167_JaffaCakes118.exe"2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
-
Filesize
1.3MB