2afa1263c47b3a4830cb948607a097136cb0cde6205bc8a0665a313632d607f9

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
Size

174KB
MD5

8a9f78b45ce85e2a8288e2a5f4ca89aa
SHA1

bac58c2681aa04ff98e73af10d5a3f566dad9119
SHA256

2afa1263c47b3a4830cb948607a097136cb0cde6205bc8a0665a313632d607f9
SHA512

82bf6a4dc966bd730ae5907544a68239ff0feda629056403ac285fac237961627ce589f4c8b3e48fbb8ba1eb75fbf58282f73deb6993ba745cb819463f2068b2
SSDEEP

3072:l+BC3K5eqZB6Kvf3t9Aeq7t6/F69v4k4BP7GzZAEbvAMFGm3rpPQ:HK7ZBzH3e8N69v4DW6EjxvlPQ

Score

8^/10

vmprotect

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\bxvbda.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\MSPCLOCK.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\ohci1394.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\processr.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\System32\DRIVERS\tssecsrv.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\kbdhid.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\arc.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\aliide.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\nv_agp.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\DRIVERS\pacer.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\BrFiltUp.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\flpydisk.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\System32\DRIVERS\scfilter.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\storvsc.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\USBSTOR.SYS	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\rdprefmp.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\System32\drivers\ipnat.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\megasas.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\usbccgp.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\vmbus.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\modem.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\DRIVERS\ndiscap.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\System32\Drivers\Null.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\System32\Drivers\RDPWD.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\serial.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\SiSRaid2.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\stexstor.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\peauth.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\lsi_sas2.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\arcsas.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\BrFiltLo.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\System32\drivers\dxgkrnl.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\gagp30kx.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\DRIVERS\smb.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\1394ohci.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\adpahci.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\adpu320.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\elxstor.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\hcw85cir.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\DRIVERS\ipfltdrv.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\MTConfig.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\qwavedrv.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\cmdide.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\sffdisk.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\tsusbhub.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\System32\Drivers\BrUsbSer.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\circlass.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\amdk8.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\amdsbs.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\sfloppy.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\iirsp.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\IPMIDrv.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\nvstor.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\tdtcp.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\TsUsbGD.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\usbuhci.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\intelppm.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\sermouse.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\sffp_mmc.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\tsusbflt.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\rdpencdd.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\iaStorV.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\sisraid4.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
File opened for modification	C:\Windows\system32\drivers\VMBusHID.sys	JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1936-0-0x0000000000400000-0x0000000000453000-memory.dmp	vmprotect
behavioral1/memory/1936-1-0x0000000000400000-0x0000000000453000-memory.dmp	vmprotect
behavioral1/memory/1936-4-0x0000000000400000-0x0000000000453000-memory.dmp	vmprotect

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a9f78b45ce85e2a8288e2a5f4ca89aa.exe"
1⤵
- Drops file in Drivers directory
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-0-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1936-1-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1936-4-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads