5c7e4b927889538272ab2f56bafa0cf9cd87973c3a388a1a9a7d2d11a0ee2071

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe
Size

459KB
MD5

29fd98538352513258ce3e227557c0e8
SHA1

852f37b2eeed6245436a496d729b3aa7e5e14e68
SHA256

5c7e4b927889538272ab2f56bafa0cf9cd87973c3a388a1a9a7d2d11a0ee2071
SHA512

f240ec1c990fdf7ee3615e48d382e3d0422f7931e2febde458a01931d823e5335b7f2062fb705d233339df8df0ae5748032c0eede64ccf9cfd0df8c03931a8af
SSDEEP

12288:a3aOZZnaNk09pBKhWSzJmNoVqsd5yAi8YWeR+:a3aMZnSk09pCWSzvf4Ai8vU+

Score

9^/10

evasion upx

Malware Config

Signatures

Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
evasion

Software Discovery
T1518

Enumerates VirtualBox registry keys 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest	29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe
File created	C:\Windows\system32\drivers\etc\hosts	29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1196-0-0x0000000000990000-0x0000000000A34000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1196	29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29fd98538352513258ce3e227557c0e8_JaffaCakes118.exe"
1⤵
- Enumerates VirtualBox registry keys
- Drops file in Drivers directory
- Suspicious behavior: EnumeratesProcesses
PID:1196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1196-0-0x0000000000990000-0x0000000000A34000-memory.dmp

Filesize
656KB

Download
memory/1196-1-0x0000000000070000-0x0000000000075000-memory.dmp

Filesize
20KB

Download
memory/1196-2-0x0000000000070000-0x0000000000075000-memory.dmp

Filesize
20KB

Download
memory/1196-3-0x0000000000990000-0x0000000000A13000-memory.dmp

Filesize
524KB

Download
memory/1196-4-0x0000000000990000-0x0000000000A34000-memory.dmp

Filesize
656KB

Download
memory/1196-6-0x0000000000990000-0x0000000000A13000-memory.dmp

Filesize
524KB

Download
memory/1196-7-0x0000000000990000-0x0000000000A34000-memory.dmp

Filesize
656KB

Download
memory/1196-9-0x0000000000990000-0x0000000000A34000-memory.dmp

Filesize
656KB

Download
memory/1196-13-0x0000000000990000-0x0000000000A34000-memory.dmp

Filesize
656KB

Download
memory/1196-19-0x0000000000990000-0x0000000000A34000-memory.dmp

Filesize
656KB

Download
memory/1196-21-0x0000000000990000-0x0000000000A34000-memory.dmp

Filesize
656KB

Download