Analysis
max time kernel: 141s
max time network: 120s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 12/04/2024, 03:30
Behavioral task: behavioral1
Sample: ef068302c6ebd50bfca8954353e48352_JaffaCakes118.exe
Resource: win7-20231129-en
3 signatures
150 seconds
General
Target: ef068302c6ebd50bfca8954353e48352_JaffaCakes118.exe
Size: 3.2MB
MD5: ef068302c6ebd50bfca8954353e48352
SHA1: 05f445e809664553c532377d788f8533048d4220
SHA256: ec5d8ab2cad5f65eddcd395de00cf03ba51fcf7ca7b74960f46cab12ca31b1fd
SHA512: 00dc5a11d78e3436589e606f5df052c064009b4c7db6d0fbccd1911f0c46545880dbbdbba0106bf1ae5fcc7d26de3ce8991a6b83e7dc7aaf4e5e10294c529846
SSDEEP: 49152:Jpdt6qeB1xny9L3iXhvroCFV/ztQ86n60mCSzJBhngj089XRaJ66N8TVdfgyv:D63Fy9eX1oCFttQuhdkXf6N8P
Malware Config
Signatures
Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | ef068302c6ebd50bfca8954353e48352_JaffaCakes118.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | ef068302c6ebd50bfca8954353e48352_JaffaCakes118.exe
resource | yara_rule
behavioral1/memory/756-0-0x0000000000400000-0x0000000000C34000-memory.dmp | upx
behavioral1/memory/756-1-0x0000000000400000-0x0000000000C34000-memory.dmp | upx
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | ef068302c6ebd50bfca8954353e48352_JaffaCakes118.exe