Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-06-2024 10:19

General

  • Target

    0517b0613e9bc016de8232847e25d92c_JaffaCakes118.exe

  • Size

    662KB

  • MD5

    0517b0613e9bc016de8232847e25d92c

  • SHA1

    8242dc29e7cf0dfcc003d516ea2519bb988f1331

  • SHA256

    511c0e53d4d823a3a916eb3e7c777f1d4f9d38f0da43af7cdaeb878f5108ae65

  • SHA512

    b7107640651dbd3c229f8f17c45c8b2cd3146748b0f956a5813240658fcae4cdfab20766f613be1e5cc3713958d124f7e8d4da6c92d58674b6868e66f343f07d

  • SSDEEP

    12288:rqGZ8ncXHupt22tY433iuw12IFztImgZahByYw0GWFTsZtUYTj/wefpI:Cc3/43yuSWmC0UtZj/wAI

Score
7/10

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0517b0613e9bc016de8232847e25d92c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0517b0613e9bc016de8232847e25d92c_JaffaCakes118.exe"
    1⤵
    • Identifies Wine through registry keys
    PID:1436

Network

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1436-0-0x0000000000400000-0x00000000005E4000-memory.dmp
    Filesize

    1.9MB

  • memory/1436-1-0x0000000000400000-0x00000000005E4000-memory.dmp
    Filesize

    1.9MB