General

  • Target

    65be5073c6f4834d3d1c73594d97b75d_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240522-c9ltgahh39

  • MD5

    65be5073c6f4834d3d1c73594d97b75d

  • SHA1

    06c6bc46067313ccaf0d0dad517f5f216f46b4be

  • SHA256

    ab3e4f1244221a33e4995c6bad5e84a5533c633e7efa51c61fd958803ac5ec14

  • SHA512

    a1f333d5001246ce6443d2203b31af97bc946326453680dd5d5c4f8c9c60ca473f844a1ee565b56ccc618434c794d449aa4f618604ee9a1b227e6203be8310c9

  • SSDEEP

    24576:651RzX5yRZj474urTiFDhRj5m6tYFyIG4SN6u0QHsBQ4oxKy1fumXF:DZj474GOdcG76u0QMBQ4ox5umX

Malware Config

Targets

    • Target

      65be5073c6f4834d3d1c73594d97b75d_JaffaCakes118

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Windows security bypass

    • Blocklisted process makes network request

    • Deletes itself

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the count of matched signatures that map to it.

  • Defense Evasion

    Impair Defenses (T1562): 1
      Disable or Modify Tools (T1562.001): 1
    Modify Registry (T1112): 2
    Subvert Trust Controls (T1553): 1
      Install Root Certificate (T1553.004): 1

  • Discovery

    Query Registry (T1012): 2
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 1

Tasks