2244fca140090a0d18192bbc23bea336a3a1433c9847b77ceb3486de1d5feb57

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0dbf8800ed4d560b1a52169718431a55_JaffaCakes118.exe
Size

2.9MB
MD5

0dbf8800ed4d560b1a52169718431a55
SHA1

c42d696f1d0a0281c48e045f55604ef355685761
SHA256

2244fca140090a0d18192bbc23bea336a3a1433c9847b77ceb3486de1d5feb57
SHA512

d6b654861de9bd9f7fbdae23fe9d5d73d6e63c30cde63a6b9852146e2a22a9fe46c307fa18d5baf650a2e529ab8d77816e90ae74e446d7c48b2cac462171607d
SSDEEP

49152:Zcjlsh7LSBpl6+cAsthBUFvPc9fmpEKBhYLEYAl3bBAGxh4gbi3Zc3yxK5dX2yE8:qm6McP0mpEKLYLgJNAG3rCZFsDXPEDw

Score

9^/10

evasion upx

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	0dbf8800ed4d560b1a52169718431a55_JaffaCakes118.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00350000000149ea-13.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
912	0dbf8800ed4d560b1a52169718431a55_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00350000000149ea-13.dat	upx
behavioral1/memory/912-16-0x0000000010000000-0x0000000010269000-memory.dmp	upx
behavioral1/memory/912-19-0x0000000010000000-0x0000000010269000-memory.dmp	upx
behavioral1/memory/912-24-0x0000000010000000-0x0000000010269000-memory.dmp	upx
behavioral1/memory/912-31-0x0000000010000000-0x0000000010269000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
912	0dbf8800ed4d560b1a52169718431a55_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0dbf8800ed4d560b1a52169718431a55_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0dbf8800ed4d560b1a52169718431a55_JaffaCakes118.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\KJrhwhvGGG.tmp\htmlayout.dll

Filesize
943KB

MD5
dd305582564b7973909265167faacce4

SHA1
02a8db6c70f328bbad69177d843553405f88fa0f

SHA256
58968138a0c8e6f7ab324a50906e29ef2980ccd5b844758fbf64176ea563a42c

SHA512
6cac3596c9d254c0d1f86be64affe801a7e887db8936c214431d0504ed19054ea94f747159e1c99e7bb60ad9ce88d1b48e5643fd92788585496eef785d6612cd

Download Submit
memory/912-4-0x0000000077830000-0x0000000077831000-memory.dmp

Filesize
4KB

Download
memory/912-2-0x0000000077830000-0x0000000077831000-memory.dmp

Filesize
4KB

Download
memory/912-0-0x0000000000400000-0x0000000000A74000-memory.dmp

Filesize
6.5MB

Download
memory/912-8-0x0000000077670000-0x0000000077671000-memory.dmp

Filesize
4KB

Download
memory/912-10-0x0000000000400000-0x0000000000A74000-memory.dmp

Filesize
6.5MB

Download
memory/912-1-0x0000000000401000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/912-16-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download
memory/912-17-0x0000000000400000-0x0000000000A74000-memory.dmp

Filesize
6.5MB

Download
memory/912-18-0x0000000000400000-0x0000000000A74000-memory.dmp

Filesize
6.5MB

Download
memory/912-19-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download
memory/912-24-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download
memory/912-31-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download