General
- Target: CAJ.exe
- Size: 1.7MB
- Sample: 211204-rrve8abbel
- MD5: 011d1ed32a5521504f57593bbe5a1077
- SHA1: a94cf29b2fa5c518f4658e554225f667a23234c8
- SHA256: 2739f9d88ca7b74774c449ada327c291f79147caeb678773bab78185f5c1fb24
- SHA512: eeed3bb9cd1376170596fef462b92379936f1dceee9ddf5dd58967145ae6e4b6b086edc54c9c2fef0a75169134875a450ff0285010bd99c148ee93a849e6f89a
Static task: static1
Behavioral task: behavioral1
- Sample: CAJ.exe
- Resource: win7-en-20211014
Malware Config
Targets
- Target: CAJ.exe
- Size: 1.7MB
- MD5: 011d1ed32a5521504f57593bbe5a1077
- SHA1: a94cf29b2fa5c518f4658e554225f667a23234c8
- SHA256: 2739f9d88ca7b74774c449ada327c291f79147caeb678773bab78185f5c1fb24
- SHA512: eeed3bb9cd1376170596fef462b92379936f1dceee9ddf5dd58967145ae6e4b6b086edc54c9c2fef0a75169134875a450ff0285010bd99c148ee93a849e6f89a
Signatures
- Modifies system executable filetype association
- Registers COM server for autorun
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
- ACProtect 1.3x - 1.4x DLL software
  Detects a file protected with the ACProtect packer.
- Checks for common network interception software
  Looks in the registry for tools such as Wireshark or Fiddler that are commonly used to analyze network activity.
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Sets file execution options in registry
- Sets service image path in registry
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
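The signatures above name behaviors without showing how they are derived from the sandbox's event stream. The following Python sketch is an added example, not part of the original report and not the sandbox vendor's own detection code: it expresses several of the listed signatures (Uninstall-key enumeration, analysis-tool registry lookups, Run-key and Image File Execution Options persistence, service ImagePath changes, drops into System32 and Drivers, desktop.ini drops, a raw write at offset 0 of PhysicalDrive0 for the MBR, and non-C: drive enumeration) as rules over a constructed event log. The event shape (api, path, optional offset), the Wireshark and Fiddler2 registry keys, and the dropped file and value names are all assumptions made for the example.

```python
"""Behavioral-signature matching over a constructed sandbox event log.

Added example, not from the original report or the sandbox's own code.
The event shape and all registry/file paths below are assumptions about
how a sandbox might record such activity.
"""
import re
from collections import defaultdict

# Constructed events (assumed log shape): api name, target path, optional write offset.
EVENTS = [
    {"api": "RegOpenKey",  "path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"api": "RegOpenKey",  "path": "HKLM\\SOFTWARE\\Wireshark"},            # assumed Wireshark key
    {"api": "RegOpenKey",  "path": "HKCU\\SOFTWARE\\Microsoft\\Fiddler2"},  # assumed Fiddler key
    {"api": "RegSetValue", "path": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
    {"api": "RegSetValue", "path": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\"
                                   "Image File Execution Options\\taskmgr.exe\\Debugger"},
    {"api": "RegSetValue", "path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\updsvc\\ImagePath"},
    {"api": "FileWrite",   "path": "C:\\Windows\\System32\\drivers\\upd.sys"},
    {"api": "FileWrite",   "path": "C:\\Windows\\System32\\desktop.ini"},
    {"api": "FileWrite",   "path": "\\\\.\\PhysicalDrive0", "offset": 0},   # raw write at sector 0
    {"api": "GetVolumeInformation", "path": "C:\\"},
    {"api": "GetVolumeInformation", "path": "D:\\"},
]

# Registry key fragments (lower-cased) that identify network analysis tools; assumed paths.
ANALYSIS_TOOL_KEYS = ("\\software\\wireshark", "\\software\\microsoft\\fiddler")


def _p(ev):
    """Lower-cased target path, so rules are case-insensitive like the Windows namespace."""
    return ev["path"].lower()


# One (signature name, predicate) pair per behavior; names mirror the report's signature list.
RULES = [
    ("Checks installed software on the system",
     lambda ev: ev["api"].startswith("Reg") and "\\currentversion\\uninstall" in _p(ev)),
    ("Checks for common network interception software",
     lambda ev: ev["api"].startswith("Reg") and any(k in _p(ev) for k in ANALYSIS_TOOL_KEYS)),
    ("Adds Run key to start application",
     lambda ev: ev["api"] == "RegSetValue" and "\\currentversion\\run\\" in _p(ev)),
    ("Sets file execution options in registry",
     lambda ev: ev["api"] == "RegSetValue" and "\\image file execution options\\" in _p(ev)),
    ("Sets service image path in registry",
     lambda ev: ev["api"] == "RegSetValue"
     and re.search(r"\\services\\[^\\]+\\imagepath$", _p(ev)) is not None),
    ("Drops file in Drivers directory",
     lambda ev: ev["api"] == "FileWrite" and "\\system32\\drivers\\" in _p(ev)),
    ("Drops file in System32 directory",
     lambda ev: ev["api"] == "FileWrite" and "\\system32\\" in _p(ev)),
    ("Drops desktop.ini file(s)",
     lambda ev: ev["api"] == "FileWrite" and _p(ev).endswith("\\desktop.ini")),
    # The MBR is sector 0 of the physical disk: only a raw-device write at offset 0 counts.
    ("Writes to the Master Boot Record (MBR)",
     lambda ev: ev["api"] == "FileWrite" and _p(ev) == "\\\\.\\physicaldrive0"
     and ev.get("offset") == 0),
    # Per the report's description, reading C:\ itself is not suspicious; other roots are.
    ("Enumerates connected drives",
     lambda ev: ev["api"] == "GetVolumeInformation"
     and re.fullmatch(r"[abd-z]:\\", _p(ev)) is not None),
]


def match_signatures(events):
    """Return {signature name: [matching target paths]} for every rule that fires."""
    hits = defaultdict(list)
    for ev in events:
        for name, pred in RULES:
            if pred(ev):
                hits[name].append(ev["path"])
    return dict(hits)


if __name__ == "__main__":
    for name, paths in match_signatures(EVENTS).items():
        print(f"{name}:")
        for p in paths:
            print(f"    {p}")
```

Two design points worth noting: the System32 rule deliberately also fires for the file under System32\drivers, which is why a single dropped driver produces both "Drops file in Drivers directory" and "Drops file in System32 directory" in a report like this one; and the MBR rule keys on the write offset rather than the device name alone, since a raw write elsewhere on the disk is not a bootkit install.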