Overview
overview
10Static
static
3a454cf45f1...18.exe
windows7-x64
10a454cf45f1...18.exe
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3Cdx.exe
windows7-x64
9Cdx.exe
windows10-2004-x64
9Setup.exe
windows7-x64
10Setup.exe
windows10-2004-x64
10Two.vbs
windows7-x64
6Two.vbs
windows10-2004-x64
6enigma_ide.dll
windows7-x64
1enigma_ide.dll
windows10-2004-x64
1enigma_ide64.dll
windows7-x64
1enigma_ide64.dll
windows10-2004-x64
1udis.dll
windows7-x64
1udis.dll
windows10-2004-x64
3Analysis
-
max time kernel
140s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
13-06-2024 07:02
Static task
static1
Behavioral task
behavioral1
Sample
a454cf45f16ce0a03a2656fcdc05df63_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a454cf45f16ce0a03a2656fcdc05df63_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Cdx.exe
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
Cdx.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
Setup.exe
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
Setup.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
Two.vbs
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
Two.vbs
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
enigma_ide.dll
Resource
win7-20240419-en
Behavioral task
behavioral20
Sample
enigma_ide.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
enigma_ide64.dll
Resource
win7-20240611-en
Behavioral task
behavioral22
Sample
enigma_ide64.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
udis.dll
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
udis.dll
Resource
win10v2004-20240611-en
General
-
Target
Cdx.exe
-
Size
2.0MB
-
MD5
eb57e84905bea5e75e717d0edb58a8b6
-
SHA1
fbd7ed1a3a2c6ed09ddd3675d5b3711b02cc1c02
-
SHA256
d6a9b164f3e3faa8d75a28f519682d11829a8975f5a88b1357de88a253b67187
-
SHA512
728b034d71f40ae2afd06058b88755752233d78c73518ef75f08e353f6d8deaee308a93a312dba0e249590019245d848c724481e9333df71ec062f00b0e26727
-
SSDEEP
49152:Uemhr7hs8FqeS292UE33tsvw1rwG0vbS:UeO728geV92RIK
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
Cdx.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Cdx.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
Cdx.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Cdx.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Cdx.exe -
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
Cdx.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Wine Cdx.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
Cdx.exepid process 4776 Cdx.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
Cdx.exepid process 4776 Cdx.exe 4776 Cdx.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Cdx.exe"C:\Users\Admin\AppData\Local\Temp\Cdx.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4776-0-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-1-0x00000000779B4000-0x00000000779B6000-memory.dmpFilesize
8KB
-
memory/4776-7-0x0000000009E90000-0x0000000009E91000-memory.dmpFilesize
4KB
-
memory/4776-11-0x0000000000401000-0x000000000045D000-memory.dmpFilesize
368KB
-
memory/4776-10-0x0000000009FD0000-0x0000000009FD1000-memory.dmpFilesize
4KB
-
memory/4776-9-0x0000000009E70000-0x0000000009E71000-memory.dmpFilesize
4KB
-
memory/4776-8-0x0000000009E50000-0x0000000009E51000-memory.dmpFilesize
4KB
-
memory/4776-6-0x0000000009E60000-0x0000000009E61000-memory.dmpFilesize
4KB
-
memory/4776-5-0x0000000009EB0000-0x0000000009EB1000-memory.dmpFilesize
4KB
-
memory/4776-4-0x0000000009EA0000-0x0000000009EA1000-memory.dmpFilesize
4KB
-
memory/4776-2-0x0000000009E80000-0x0000000009E81000-memory.dmpFilesize
4KB
-
memory/4776-3-0x0000000009E00000-0x0000000009E01000-memory.dmpFilesize
4KB
-
memory/4776-12-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-13-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-14-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-15-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-16-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-17-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-18-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-19-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-20-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-21-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-22-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-23-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-24-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-25-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-26-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-27-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-28-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-29-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-30-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-31-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-32-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-33-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB
-
memory/4776-34-0x0000000000400000-0x0000000000918000-memory.dmpFilesize
5.1MB