387bae8a92730a68456eee65d2c6e714fb2e3ffedf23e34d4398e6315cfbb16f | Triage

Submit
Reports

Overview

overview

8

Static

static

7

JaffaCakes...48.dll

windows7-x64

8

JaffaCakes...48.dll

windows10-2004-x64

8

Sharing

General

Target

JaffaCakes118_8a6c314a1d028daf95e25a0b3691e548
Size

612KB
Sample

250328-hl8afssyfw
MD5

8a6c314a1d028daf95e25a0b3691e548
SHA1

c6f0e702cfb98f700295c81580eaf6083887e2bb
SHA256

387bae8a92730a68456eee65d2c6e714fb2e3ffedf23e34d4398e6315cfbb16f
SHA512

d498f22fa8821285167435d533296dee43e4de0cfaa8585f32086860b4b6eda658743c9e0834e8f637e7545347c901e4f8fce2bd0032eb3a512dc71854ac7789
SSDEEP

12288:x7O9KBiABbqtPU/oAhfejKHdTt2EMzgbGT:ZvN5DftqzkST

Score

8^/10

defense_evasion discovery persistence vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_8a6c314a1d028daf95e25a0b3691e548.dll

Resource

win7-20240903-en

defense_evasion discovery persistence vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_8a6c314a1d028daf95e25a0b3691e548.dll

Resource

win10v2004-20250314-en

defense_evasion discovery persistence vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_8a6c314a1d028daf95e25a0b3691e548
- Size
  
  612KB
- MD5
  
  8a6c314a1d028daf95e25a0b3691e548
- SHA1
  
  c6f0e702cfb98f700295c81580eaf6083887e2bb
- SHA256
  
  387bae8a92730a68456eee65d2c6e714fb2e3ffedf23e34d4398e6315cfbb16f
- SHA512
  
  d498f22fa8821285167435d533296dee43e4de0cfaa8585f32086860b4b6eda658743c9e0834e8f637e7545347c901e4f8fce2bd0032eb3a512dc71854ac7789
- SSDEEP
  
  12288:x7O9KBiABbqtPU/oAhfejKHdTt2EMzgbGT:ZvN5DftqzkST
Score

8^/10

defense_evasion discovery persistence vmprotect
- Blocklisted process makes network request
- Server Software Component: Terminal Services DLL
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistencevmprotect

behavioral2

defense_evasiondiscoverypersistencevmprotect

© 2018-2025

Terms | Privacy