Overview

overview

7

Static

static

3

ea90f24508...18.exe

windows7-x64

7

ea90f24508...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    7s
  • max time network
    6s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 04:16

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    ea90f24508b1f24a1f7b8081d31efc86_JaffaCakes118.exe

  • Size

    7.6MB

  • MD5

    ea90f24508b1f24a1f7b8081d31efc86

  • SHA1

    8f452886be6dce2237ed2c7bd4b6035fcabb749d

  • SHA256

    7cd39a8f167ef4fc41888164ae27558489e7873a3f93530f709161875f96b950

  • SHA512

    82d9d12a427a6268c1566e2d5a02396a8424534c4ef4e8c2e2846de673573ff44ebc3382d0f5ad495d790e66fe30333e955a111eec66aec81a64a22a1c3f0cef

  • SSDEEP

    49152:HE9XTMt36FsYEcZXeUR4ytjDSnSU6K5amsRHg4arAQbBJqDwa9cBzkVog+Hedo81:IsyzG5aVRHg4aRrqz9oyxOqo806wiWm

Score
7/10
discoveryevasion

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 18 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea90f24508b1f24a1f7b8081d31efc86_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ea90f24508b1f24a1f7b8081d31efc86_JaffaCakes118.exe"
    1⤵
    • Identifies Wine through registry keys
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3388
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4260,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:8
    1⤵
      PID:2632

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3388-0-0x0000000000400000-0x0000000000C2A000-memory.dmp

      Filesize

      8.2MB

      Download