Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-06-2024 10:41

General

  • Target

    053cecb41b7f26f18803ce2c4ccc31ae_JaffaCakes118.exe

  • Size

    525KB

  • MD5

    053cecb41b7f26f18803ce2c4ccc31ae

  • SHA1

    bb8d67a6011626bd89859fa4a1ea7f82ad8bc983

  • SHA256

    3724498636d6faa08ce64a2e9e3cc91ffdc3fd3238715b6a95d2bd65d08e17d4

  • SHA512

    d4b3689ca0c23f4d8a66cc26c4f8eab53eb8f4d371574e4e22fb68e9c735addfcc161b79282311eb7df1e7421f74596411c7775e8ccb8ab23684fc5767c6a525

  • SSDEEP

    12288:wfEjYwprWJQnrCJy98ZmVyB3/lshbE7ok0VaxXcQW81VQK6I9t:wfJEaSrCFcAZtiI0vYxXcNCQk

Score
7/10

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

Processes

  • C:\Users\Admin\AppData\Local\Temp\053cecb41b7f26f18803ce2c4ccc31ae_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\053cecb41b7f26f18803ce2c4ccc31ae_JaffaCakes118.exe"
    1⤵
    • Identifies Wine through registry keys
    PID:4412

Network

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4412-0-0x0000000000400000-0x00000000005DC000-memory.dmp
    Filesize

    1.9MB

  • memory/4412-1-0x0000000000400000-0x00000000005DC000-memory.dmp
    Filesize

    1.9MB