Overview

overview

7

Static

static

7

f9aa168c38...18.exe

windows7-x64

7

f9aa168c38...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9aa168c389ae12e85c0ec9425d47b96_JaffaCakes118.exe

  • Size

    633KB

  • MD5

    f9aa168c389ae12e85c0ec9425d47b96

  • SHA1

    500368dfe7774c33d6c35940eb44bb16f88a283b

  • SHA256

    5f4577ec50a6272a3788e9513e6dd5a047a023b9499b24132890ea6377064eb3

  • SHA512

    e65ee364863d5bd76d824e079f56e6cf30211afbeb4432f385bc5c24f806fc6211ed32c63d7e26b8db0a30d6fba6d9793423b97e45f71e3dc1f0efb641ee3483

  • SSDEEP

    12288:Gd0eDqjKgtBAW4Fqh4NBJAWqlaZzzgI1Zomv0O6LI+MtntdvUkREdc5j/TBNu2sK:GdxDqR6shkJF5xIL4tntZ5jPsXa

Score
7/10
evasionthemida

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9aa168c389ae12e85c0ec9425d47b96_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f9aa168c389ae12e85c0ec9425d47b96_JaffaCakes118.exe"
    1⤵
    • Identifies Wine through registry keys
    PID:4268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4268-0-0x0000000010000000-0x0000000010162000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4268-1-0x0000000010000000-0x0000000010162000-memory.dmp

    Filesize

    1.4MB

    Download