General
-
Target
1a7c7e27218d2425925aae4bf10654ab_JaffaCakes118
-
Size
660KB
-
Sample
240701-jlwr4atamq
-
MD5
1a7c7e27218d2425925aae4bf10654ab
-
SHA1
6aa93a8d0bef9d40268549adb0466aef531df9c8
-
SHA256
4f39964baa43b7279b7bcbacfbd884add7a262a9ce4e951faf5aeb3fd493ce57
-
SHA512
ec8e0fce30d08f32ca99bf67bbc3ae629abd0692f5f502c2aa62ffd9da6abf456686efa85076e8fc5272c91d6a510517663f5d150af6eb281003be7ca0482c86
-
SSDEEP
6144:yPNDXW8jOD/gSwgQM6/lkw3RRHxNjfOB8xOE5SY:UW77gSw7WwBJ
Static task
static1
Behavioral task
behavioral1
Sample
1a7c7e27218d2425925aae4bf10654ab_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
1a7c7e27218d2425925aae4bf10654ab_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
1a7c7e27218d2425925aae4bf10654ab_JaffaCakes118
-
Size
660KB
-
MD5
1a7c7e27218d2425925aae4bf10654ab
-
SHA1
6aa93a8d0bef9d40268549adb0466aef531df9c8
-
SHA256
4f39964baa43b7279b7bcbacfbd884add7a262a9ce4e951faf5aeb3fd493ce57
-
SHA512
ec8e0fce30d08f32ca99bf67bbc3ae629abd0692f5f502c2aa62ffd9da6abf456686efa85076e8fc5272c91d6a510517663f5d150af6eb281003be7ca0482c86
-
SSDEEP
6144:yPNDXW8jOD/gSwgQM6/lkw3RRHxNjfOB8xOE5SY:UW77gSw7WwBJ
Score8/10-
Adds policy Run key to start application
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-