Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/04/2024, 09:36

General

  • Target

    e9b25668467a8146710c6caee31a2f54_JaffaCakes118.exe

  • Size

    530KB

  • MD5

    e9b25668467a8146710c6caee31a2f54

  • SHA1

    27b949b442ca08669d43b7c5c0810c77e193d81c

  • SHA256

    063191bdfa60b87b7c0b4d734017fbbc48d85bc8111793ef2e9190e3b68b6d08

  • SHA512

    41363fdea082f1122a160cb8e8e06db6b3cc37c00437b37e01622c49724c57a0acd0c4183e27faf62157682d5934fd62b584d6eb9c56cf36c979055f761be8b4

  • SSDEEP

    12288:snged37+lnKFaGXp0xCQHAHCyGOuCWtGFkxCMdn8J1A5qmAugtChb:s7+RKFaQpCCTHCyGrCtOxCInimUztCZ

Score
7/10

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment; a sample that looks for the registry keys Wine creates is checking whether it is running under such an environment.

  • Themida packer 15 IoCs

    Detects Themida, an advanced Windows software protection system.
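The "Identifies Wine through registry keys" signature fires when the sample opens the hive Wine keeps its own configuration in (HKCU\Software\Wine and HKLM\Software\Wine), keys that do not exist on real Windows. The script below is an added example, not part of this report or of the sandbox's own detection code: it runs the same check over a constructed Process Monitor-style CSV export (the event rows are made up to resemble this run; only PID 2264 and the sample name are taken from the report) and reports which processes probed the key. The key regex and the per-process verdict are this example's assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed Process Monitor-style CSV export. The rows are made up for this
# example; only PID 2264 and the sample name come from the report above.
SAMPLE_EVENTS = """\
Time of Day,Process Name,PID,Operation,Path,Result
09:36:12.0010000,e9b25668467a8146710c6caee31a2f54_JaffaCakes118.exe,2264,RegOpenKey,HKCU\\Software\\Wine,NAME NOT FOUND
09:36:12.0010500,e9b25668467a8146710c6caee31a2f54_JaffaCakes118.exe,2264,RegOpenKey,HKLM\\Software\\Wine,NAME NOT FOUND
09:36:12.0020000,e9b25668467a8146710c6caee31a2f54_JaffaCakes118.exe,2264,RegOpenKey,HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion,SUCCESS
09:36:13.0000000,explorer.exe,1234,RegQueryValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden,SUCCESS
09:36:13.5000000,notepad.exe,4321,RegOpenKey,HKCU\\Software\\Winery\\Settings,SUCCESS
09:36:14.0000000,notepad.exe,4321,CreateFile,C:\\Users\\Admin\\Software\\Wine\\notes.txt,SUCCESS
"""

# Keys that exist only inside a Wine prefix, where Wine stores its configuration.
# Hive abbreviations and full names are both accepted; the trailing group keeps
# "HKCU\Software\Winery" from matching.
WINE_KEY = re.compile(
    r"^(HKCU|HKLM|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Wine(\\|$)",
    re.IGNORECASE,
)


def find_wine_probes(csv_text):
    """Return {pid: [(process, operation, path, result), ...]} for every
    registry operation whose path is a Wine key. Non-registry operations are
    skipped before matching."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["Operation"].startswith("Reg"):
            continue
        if WINE_KEY.match(row["Path"]):
            hits[int(row["PID"])].append(
                (row["Process Name"], row["Operation"], row["Path"], row["Result"])
            )
    return dict(hits)


def summarize(csv_text):
    """Per-PID verdict. On real Windows the key is absent, so NAME NOT FOUND is
    the expected result and the probe itself is the evasion indicator; a
    SUCCESS result would mean the process really is running under Wine."""
    out = {}
    for pid, events in find_wine_probes(csv_text).items():
        out[pid] = {
            "process": events[0][0],
            "probes": len(events),
            "keys": sorted({e[2] for e in events}),
            "wine_present": any(e[3] == "SUCCESS" for e in events),
        }
    return out


if __name__ == "__main__":
    for pid, info in summarize(SAMPLE_EVENTS).items():
        print(f"PID {pid} ({info['process']}): {info['probes']} Wine key probe(s), "
              f"wine_present={info['wine_present']}")
```

Run against a real Procmon CSV export, the same functions apply unchanged as long as the default column names are kept; the result column is what distinguishes a sample checking for Wine (NAME NOT FOUND on a Windows host) from one that actually found it.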

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9b25668467a8146710c6caee31a2f54_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\e9b25668467a8146710c6caee31a2f54_JaffaCakes118.exe"
    PID: 2264
    • Identifies Wine through registry keys

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        Fifteen dumps of PID 2264 were taken over the run, all of the same region 0x0000000000400000-0x00000000005D3000 (0x1D3000 bytes, reported as 1.8MB). 0x400000 is the default PE32 image base, so this is the main module's mapped image:

        • memory/2264-0-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-1-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-2-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-3-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-4-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-5-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-6-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-7-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-8-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-9-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-10-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-11-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-12-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-13-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
        • memory/2264-14-0x0000000000400000-0x00000000005D3000-memory.dmp (1.8MB)
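The "Themida packer" signature above is a static check: Themida-protected files carry telltale section names and a high-entropy protected body, and the 1.8MB dumps of 0x400000-0x5D3000 listed here are the sandbox's captures of that image once mapped. The script below is an added example (not the report's, the sandbox's or Themida's own code) that parses a PE section table and applies both checks to two PE files it constructs in memory. The section-name list and the 7.0 bits/byte threshold are assumptions chosen for illustration, and the constructed files are not the sample from this report; it reads on-disk files, so a memory dump like the ones above would need its section pointers rebased from virtual addresses first.

```python
import math
import random
import struct
from collections import Counter

# Section names commonly reported for Themida/WinLicense-protected binaries.
# This list is an assumption for illustration, not an authoritative signature.
THEMIDA_SECTION_NAMES = {b".themida", b".winlice", b"themida", b"winlicen"}
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Yield (name, raw_bytes) for each section of an on-disk PE file. A memory
    dump is laid out by virtual address, so its section pointers would have to
    be rebased before this file-offset parser applies."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    for i in range(nsec):
        (name, _vsize, _vaddr, raw_size, raw_ptr,
         _, _, _, _, _chars) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        yield name.rstrip(b"\0"), pe[raw_ptr:raw_ptr + raw_size]


def scan_for_themida(pe: bytes) -> dict:
    """Combine the name check with an entropy check so an unknown packer still
    shows up as 'packed_unknown' instead of 'clean'."""
    sections = []
    for name, data in parse_sections(pe):
        ent = shannon_entropy(data)
        sections.append({
            "name": name.decode("latin-1"),
            "entropy": round(ent, 2),
            "known_name": name in THEMIDA_SECTION_NAMES,
            "high_entropy": ent >= HIGH_ENTROPY,
        })
    if any(s["known_name"] for s in sections):
        verdict = "themida"
    elif any(s["high_entropy"] for s in sections):
        verdict = "packed_unknown"
    else:
        verdict = "clean"
    return {"verdict": verdict, "sections": sections}


def build_pe(sections):
    """Build a minimal PE32 file from [(name, data)] pairs. Only the fields the
    scanner reads are filled in; the result parses but is not loadable."""
    e_lfanew, opt_size = 0x40, 224
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF  # 0x200 file alignment
    table, body, vaddr = b"", b"", 0x1000
    for name, data in sections:
        raw_size = (len(data) + 0x1FF) & ~0x1FF
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                             raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += (len(data) + 0xFFF) & ~0xFFF
    header = dos + b"PE\0\0" + coff + opt + table
    return header.ljust((headers_len + 0x1FF) & ~0x1FF, b"\0") + body


# Constructed inputs (not the sample from the report): a deterministic
# pseudo-random block stands in for a protector's encrypted payload.
_rng = random.Random(0xC0FFEE)
_ENCRYPTED = bytes(_rng.getrandbits(8) for _ in range(4096))
_PLAIN_TEXT = b"\x90" * 2048 + b"\xC3" * 2048  # NOPs and RETs: entropy exactly 1.0
_PLAIN_DATA = b"ordinary string data\0" * 190

SAMPLE_THEMIDA_PE = build_pe([(b".text", _PLAIN_TEXT), (b".themida", _ENCRYPTED)])
SAMPLE_PLAIN_PE = build_pe([(b".text", _PLAIN_TEXT), (b".rdata", _PLAIN_DATA)])

if __name__ == "__main__":
    for label, pe in (("themida", SAMPLE_THEMIDA_PE), ("plain", SAMPLE_PLAIN_PE)):
        result = scan_for_themida(pe)
        print(label, result["verdict"],
              [(s["name"], s["entropy"]) for s in result["sections"]])
```

Section names are trivial for a protector to rename, which is why the entropy check is kept alongside them: a renamed Themida section still reports as packed, just without attribution.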