Overview

overview

8

Static

static

7

021b4796f3...18.exe

windows7-x64

8

021b4796f3...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    021b4796f3f0bd792db283b80f3d9ba0_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240620-c46xfsyejm

  • MD5

    021b4796f3f0bd792db283b80f3d9ba0

  • SHA1

    3fbfa29ea3d4ef1deb49d3241928523c72b2b889

  • SHA256

    aa10d6409c712b3aab2ea9f97a9ee1f05b71f7193ebc52fdea799545caf9c168

  • SHA512

    2c5051a6a9356cb6b1ff107861ad1e4bc70e3cbeabe638cbb55a1c1674041a8b34f75f345f3c796bcc85311e29726519d673648a8bd4daa707636b3bfbf82501

  • SSDEEP

    49152:Lk5FQJYNU6vsp8a19cZPY6n5obPPNE/acSw0Dzm8004PrmHd7csvc9TyVv6:Lk5FhU6kpPIZPdn5o7PNaFSw0/m894jl

Score
8/10
evasionexecutionpersistenceprivilege_escalationupx

Malware Config

Targets

    • Target

      021b4796f3f0bd792db283b80f3d9ba0_JaffaCakes118

    • Size

      2.1MB

    • MD5

      021b4796f3f0bd792db283b80f3d9ba0

    • SHA1

      3fbfa29ea3d4ef1deb49d3241928523c72b2b889

    • SHA256

      aa10d6409c712b3aab2ea9f97a9ee1f05b71f7193ebc52fdea799545caf9c168

    • SHA512

      2c5051a6a9356cb6b1ff107861ad1e4bc70e3cbeabe638cbb55a1c1674041a8b34f75f345f3c796bcc85311e29726519d673648a8bd4daa707636b3bfbf82501

    • SSDEEP

      49152:Lk5FQJYNU6vsp8a19cZPY6n5obPPNE/acSw0Dzm8004PrmHd7csvc9TyVv6:Lk5FhU6kpPIZPdn5o7PNaFSw0/m894jl

    Score
    8/10
    evasionexecutionpersistenceprivilege_escalationupx

    • Modifies Windows Firewall

      evasion

    • Stops running service(s)

      evasionexecution

    • Uses Session Manager for persistence

      Creates Session Manager registry key to run executable early in system boot.

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks