General

  • Target

    14b0536a95a54cf411d0013683a4da5e_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240627-e4nrzsvfjk

  • MD5

    14b0536a95a54cf411d0013683a4da5e

  • SHA1

    563fcca37f52ca7631d5fd8de094a891447242d8

  • SHA256

    097e769bb74ce0cfd26cfc049cd1d8f3a3cf878fbd45ce0f32369f077a31edbd

  • SHA512

    078a183e9aab4780696fd2215ffa0dfbd567b5a269c9891efe719588b1fa68202d78e322ab961e3467056509044949c9e63f5b99dd1b5bc48ec8f67085c63827

  • SSDEEP

    24576:/3T4jzor+RAyMVsclEvswhw8bNYWvvnZ4PFlM/DPCCcq8OfQrvolXF6u2yW:/8jErt6clk2nMjzcqpfQLqXF6p

Score
7/10

Malware Config

Targets

    Score
    7/10

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks