Overview

overview

10

Static

static

3

JaffaCakes...3d.rar

windows7-x64

1

JaffaCakes...3d.rar

windows10-2004-x64

1

filedata.exe

windows7-x64

10

filedata.exe

windows10-2004-x64

10

filedata.exe

windows7-x64

10

filedata.exe

windows10-2004-x64

10

filedata.exe

windows7-x64

10

filedata.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2024 02:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    filedata.exe

  • Size

    2.7MB

  • MD5

    d921d26cebc3bedad6419ef4298cd3e1

  • SHA1

    973e0d3e6af8596f67e1a93b29122eea8af38108

  • SHA256

    158e7d6361ca30df80d5edc5de38f5852961ad49dcc4e024f2ed8a00662c1792

  • SHA512

    81cc4b95c081c1fefa63542d2583aa3f1820f66cd137fa4486d23601801712b3d1d4b1d9cdec7c8391ba0c5e2177778c987c2547faa95802cab1fccfe33741f3

  • SSDEEP

    49152:nL2mxSw1wKb1ryOKQSg+o5Ru4rUjd/H8P3JiltNreKClt:Lnhb12Y5AD9cBuc

Score
10/10
bootkitpersistence

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Deletes itself 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 1 IoCs
  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\filedata.exe
    "C:\Users\Admin\AppData\Local\Temp\filedata.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Windows\system32\cmd.exe
      cmd.exe /c systeminfo > NUL && del "C:\Users\Admin\AppData\Local\Temp\filedata.exe" > NUL
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1524
      • C:\Windows\system32\systeminfo.exe
        systeminfo
        3⤵
        • Gathers system information
        PID:952
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -C $env:psldr|iex|iex
    1⤵
    • Process spawned unexpected child process
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin:737B1129
    Filesize

    157B

    MD5

    4613bd1eef8eee3a77ed13bc6d79c9d6

    SHA1

    2a8d87d248fbc92f8700b72d4930828714fadb2f

    SHA256

    0e366995a587577e6fc240cc9f70323366b5b7c12064b4a7782dd9515b695965

    SHA512

    42aed6a9eb4224f0401a04304eba15926ad2b5b7d58b4ac871e6f9a07f2f7e7b8ba6165a35e7bc5a89381530ca88a645039a05f7d795a3c559d6bab298a1f705

    Download Submit

  • memory/2184-25-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-10-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2184-7-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2184-4-0x000007FEF56AE000-0x000007FEF56AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-9-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2184-8-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2184-11-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2184-12-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-13-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-29-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-35-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-43-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-45-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-47-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-61-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-27-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-73-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-17-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-19-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-21-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-5-0x000000001B610000-0x000000001B8F2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2184-6-0x0000000002860000-0x0000000002868000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2184-15-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-75-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-71-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-69-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-68-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-65-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-63-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-59-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-57-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-55-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-53-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-979-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2184-51-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-50-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-41-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-39-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-37-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-33-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-31-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-23-0x000000001CAD0000-0x000000001CD92000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2184-1812-0x000007FEF56AE000-0x000007FEF56AF000-memory.dmp

    Filesize

    4KB

    Download