fe68fa8aa8522badacc0c97554cd4a1b8d466dd16dc61b86542e799db0d1f7ae

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2024 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe
Size

847KB
MD5

9b288f1ed4b43253489dbd03b8902445
SHA1

1aaaf8dcc605ec1ce72bbadea6655ce26eb31517
SHA256

fe68fa8aa8522badacc0c97554cd4a1b8d466dd16dc61b86542e799db0d1f7ae
SHA512

e22b548195c3528869d0f67b0036fab1f95c6f74e70a8b77b829822487916e99c5fe12b49635856c667ee78a459163dbdb899c0833d9c8502246180b74096db1
SSDEEP

12288:TaOZoS4FJfBSkkkkkkkkkkkkkkx9L+kIkkvkkkkkkkk7ZLmfKWYEh2JmDt1J3y/R:QXklIKyWYI2IhfYl12Hk

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions	9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe

Looks for VMWare Tools registry key 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\VMware, Inc.\VMware Tools 9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\VMware, Inc.\VMware Tools	9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9b288f1ed4b43253489dbd03b8902445_JaffaCakes118.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Maps connected drives based on registry
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4984 --field-trial-handle=2232,i,3915538061666887171,15629965885515244134,262144 --variations-seed-version /prefetch:8
1⤵
PID:416

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1560-0-0x0000000074C90000-0x0000000075440000-memory.dmp

Filesize
7.7MB

Download
memory/1560-1-0x00000000004D0000-0x00000000005A8000-memory.dmp

Filesize
864KB

Download
memory/1560-2-0x0000000004E30000-0x0000000004ECC000-memory.dmp

Filesize
624KB

Download
memory/1560-3-0x0000000005480000-0x0000000005A24000-memory.dmp

Filesize
5.6MB

Download
memory/1560-4-0x0000000004ED0000-0x0000000004F62000-memory.dmp

Filesize
584KB

Download
memory/1560-5-0x0000000005060000-0x0000000005070000-memory.dmp

Filesize
64KB

Download
memory/1560-6-0x0000000005070000-0x000000000507A000-memory.dmp

Filesize
40KB

Download
memory/1560-7-0x00000000050E0000-0x0000000005136000-memory.dmp

Filesize
344KB

Download
memory/1560-8-0x0000000002850000-0x0000000002864000-memory.dmp

Filesize
80KB

Download
memory/1560-9-0x0000000074C90000-0x0000000075440000-memory.dmp

Filesize
7.7MB

Download
memory/1560-10-0x0000000005060000-0x0000000005070000-memory.dmp

Filesize
64KB

Download
memory/1560-11-0x0000000008F10000-0x0000000008F9A000-memory.dmp

Filesize
552KB

Download
memory/1560-12-0x0000000006450000-0x0000000006484000-memory.dmp

Filesize
208KB

Download
memory/1560-13-0x000000000E010000-0x000000000E076000-memory.dmp

Filesize
408KB

Download
memory/1560-15-0x0000000074C90000-0x0000000075440000-memory.dmp

Filesize
7.7MB

Download