b861eef317b3cdd388f3aac07b1cd11bf7bd29b39309620cf293f8b77a6a96d1

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eae7fa6f0383705f79cc13f495d8b621_JaffaCakes118.exe
Size

2.5MB
MD5

eae7fa6f0383705f79cc13f495d8b621
SHA1

ce955c2a111e3e22655c64fe35e193f4a1509d2e
SHA256

b861eef317b3cdd388f3aac07b1cd11bf7bd29b39309620cf293f8b77a6a96d1
SHA512

d89c87ef93803ff28739f4b77f8e34f8b9557cc15345c2144c229f6bcdbea7cddbbb048ad8f7bf3ff881d9e75e8e928e8b4e718ca528dfd532ac3e17f97e90a7
SSDEEP

49152:lQ+rhhyyiurEjq6S3h2aZb+tdmtl+OOt7wYpTuEbrC5xdse8C:lQK2UtbDfEpSEnioC

Score

7^/10

discovery evasion trojan

Malware Config

Signatures

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine	eae7fa6f0383705f79cc13f495d8b621_JaffaCakes118.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	eae7fa6f0383705f79cc13f495d8b621_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eae7fa6f0383705f79cc13f495d8b621_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eae7fa6f0383705f79cc13f495d8b621_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eae7fa6f0383705f79cc13f495d8b621_JaffaCakes118.exe"
1⤵
- Identifies Wine through registry keys
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4300-0-0x0000000000400000-0x0000000000973000-memory.dmp

Filesize
5.4MB

Download
memory/4300-1-0x0000000000400000-0x0000000000973000-memory.dmp

Filesize
5.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads