8094045d441c4c32ff5587303cc86dae74378f87392f00388340ca208d875d75 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

CF完美�...��.exe

windows7-x64

9

CF完美�...��.exe

windows10-2004-x64

9

Sharing

General

Target

36fe60ad6dc3235170168ed9e63c33ec_JaffaCakes118
Size

1.2MB
Sample

241011-1t86tswcqf
MD5

36fe60ad6dc3235170168ed9e63c33ec
SHA1

c58ba87f3340c9971ac3a6c9bd822b320afbf007
SHA256

8094045d441c4c32ff5587303cc86dae74378f87392f00388340ca208d875d75
SHA512

96b21403c3b5c5365dfefa2beecb98e5c4a0657351aa358499c5c221996a0a1079c0c76e88b32b8ea94a2fe9020b746fb936614569821d38c03f3730c1798162
SSDEEP

24576:22fs/JNeAerf4ibFm/XhYHLz/X91yCIArQgLqG2tqjX0982oCscXqH:22E/xerfDFyhYrz/X9ZrLLqwz0r8c6H

Score

9^/10

discovery evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

CF完美窗口化-国庆版.exe

Resource

win7-20240903-en

discovery evasion

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

CF完美窗口化-国庆版.exe

Resource

win10v2004-20241007-en

discovery evasion

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  CF完美窗口化-国庆版.exe
- Size
  
  1.2MB
- MD5
  
  4ab6e1e228fcdd048fd4ec93f22ce56a
- SHA1
  
  9b3c4b3f8e3f6349551fd44064d174101d87405d
- SHA256
  
  61f29b947254eee47b6137c6589b59cc9f42186a135fd35107f1ffc1ac31d9c6
- SHA512
  
  8ec137805b84da35ba1055c1b38bc6e7763a84966a9e1f71e56299ca692ac4ad42bb96fde9bf8b8a47cdcf880cde4f24e39373d2bdef8b470471503a21aeab11
- SSDEEP
  
  24576:6/XkR47YWxu3T7ePwLZGIiHi3TQsfnegadCyK/kym/oLfJe407ZKvBZBx:6/Xkuxu/eYAIJDQ4egadFQrBZr
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion

© 2018-2025

Terms | Privacy