23024599997328f534b22e832933e2ede80288ea3db80a26d1179ce0dd7dabfd

Analysis

max time kernel
140s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 03:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5ed9ef12f02de09c4af1add838b39492_JaffaCakes118.exe
Size

803KB
MD5

5ed9ef12f02de09c4af1add838b39492
SHA1

5fd12a66ff254bacfdd86b448a716e8deffd81cb
SHA256

23024599997328f534b22e832933e2ede80288ea3db80a26d1179ce0dd7dabfd
SHA512

9325d4b088cae2774f7932e68cacb351235bc2058fa49884fd9117113d206ce25d653ae8b0d79507125d301c1cb2e41bd5dc972d5a5d1ea78c298239857e638b
SSDEEP

24576:rtsilRE16+8vAFDMNnWAfBRFbQ5LO/zz2EmWhrx12xB4xxQxG4xfnxKc2LvDDPW3:psiTE16+ohD9QVOrz2Hmrx12xB4xxQx3

Score

7^/10

evasion

Malware Config

Signatures

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Wine	5ed9ef12f02de09c4af1add838b39492_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4612	1336	WerFault.exe	83

C:\Users\Admin\AppData\Local\Temp\5ed9ef12f02de09c4af1add838b39492_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5ed9ef12f02de09c4af1add838b39492_JaffaCakes118.exe"
1⤵
- Identifies Wine through registry keys
PID:1336
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 288
  2⤵
  - Program crash
  PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1336 -ip 1336
1⤵
PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-0-0x0000000000400000-0x0000000000B93000-memory.dmp

Filesize
7.6MB

Download
memory/1336-1-0x0000000000400000-0x0000000000B93000-memory.dmp

Filesize
7.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads