db03b00a06360745f0d126ccada6e9658ff943bd351262ecba06f32c07aa630f

General

Target

d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
Size

31KB
MD5

d6cabd460ab5c1547bcaea518c38bed0
SHA1

a8d0b6bdd1d8c1ddde64a05274943e4e5ab17b63
SHA256

db03b00a06360745f0d126ccada6e9658ff943bd351262ecba06f32c07aa630f
SHA512

66aba0de4cda4b5e7b5fd35b42ec22f15ae1bad3432a05ca3a3104287b99cd9347ea932c3175a86ff9bbb24052fa98e5fd2c2a9a26625a9ea074232c306a3d09
SSDEEP

768:O6aXETFUgD1Ykh19+pzNoF3c0R8fMtowCIAHk36:OhXyWgxYKWzec0RgMqwFAE36

Score

9^/10

discovery evasion

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1072	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
3056	d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d6cabd460ab5c1547bcaea518c38bed0_JaffaCakes118.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Suspicious behavior: EnumeratesProcesses
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\14f9b653

Filesize
856KB

MD5
63dc5a3da08308b0dae2fec1fd510456

SHA1
52e56c376b7f9543dfb3622fb52dbb4b535977b1

SHA256
6ee9bcf4de423a3a8a85f300495ddc38ffea9a25471f5e863928c897407daf4e

SHA512
a9e902f3a893e88540db58a35b9961a09658e3b972a637a657e7bfd478ac8fd292593a41efdc8304da99fa7074874a92c1193c3ab90c0a7ba99e2d04f64f9c8d

Download Submit
memory/3056-13-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-7-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-3-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-4-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/3056-5-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-6-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-0-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/3056-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-9-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-10-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-2-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/3056-11-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-17-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-14-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-15-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-16-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-12-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/3056-18-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-20-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-21-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-22-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3056-1-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/3056-27-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads