Overview

overview

9

Static

static

3

f969621963...18.dll

windows7-x64

9

f969621963...18.dll

windows10-2004-x64

9

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 03:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f969621963e8aadd361c7608911cf21d_JaffaCakes118.dll

  • Size

    1.8MB

  • MD5

    f969621963e8aadd361c7608911cf21d

  • SHA1

    729f9b4093eec4d600e60f7d41896c4c469a7ac4

  • SHA256

    8eb4a9d8b09d762de7f9fe088be6ef2d01803ee72773ba44750578ae9309e55e

  • SHA512

    c6c1505efc2595094ab6439e5bae4c92d69c3960237a1f2346c89e4b55fd74ba9f01d46f044327bd90d9841d3ceb7d0f98e1816accee11f44b2162a26bfdf4c6

  • SSDEEP

    49152:3d+qrcHQSSsP5lAuvjDbzOHmd/R/TofjPQx/:3d+3HQfqlAMjjOHmdZyQ

Score
9/10
evasion

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f969621963e8aadd361c7608911cf21d_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f969621963e8aadd361c7608911cf21d_JaffaCakes118.dll,#1
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Identifies Wine through registry keys
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of UnmapMainImage
      PID:4184
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 784
        3⤵
        • Program crash
        PID:884
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4184 -ip 4184
    1⤵
      PID:3696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:936

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4184-0-0x0000000010000000-0x00000000104BE000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/4184-1-0x0000000077A14000-0x0000000077A16000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4184-2-0x00000000028F0000-0x00000000028F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-3-0x0000000000B60000-0x0000000000B61000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-4-0x00000000028D0000-0x00000000028D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-5-0x0000000002550000-0x0000000002551000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-6-0x00000000028E0000-0x00000000028E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-7-0x0000000002900000-0x0000000002901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-8-0x0000000000B40000-0x0000000000B41000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-9-0x0000000000B70000-0x0000000000B72000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4184-10-0x0000000000B80000-0x0000000000B81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-11-0x0000000000B50000-0x0000000000B51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-12-0x0000000010000000-0x00000000104BE000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/4184-14-0x00000000029C0000-0x00000000029C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-15-0x0000000002AA0000-0x0000000002AA2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4184-13-0x0000000002920000-0x0000000002921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-16-0x0000000002980000-0x0000000002981000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-17-0x0000000002970000-0x0000000002971000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-18-0x0000000000B90000-0x0000000000B91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-19-0x0000000002560000-0x0000000002561000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-20-0x0000000002960000-0x0000000002961000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-21-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4184-22-0x0000000000720000-0x0000000000734000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4184-24-0x0000000000720000-0x0000000000734000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4184-25-0x0000000000720000-0x0000000000734000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4184-26-0x0000000000720000-0x0000000000734000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4184-27-0x0000000000720000-0x0000000000734000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4184-28-0x0000000010000000-0x00000000104BE000-memory.dmp

        Filesize

        4.7MB

        Download