f874732e16e1247bdcea30d08f322e0bf32a926d8007ca4a66228e26e0b8f634 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

2f0c1e1428...18.exe

windows7-x64

8

2f0c1e1428...18.exe

windows10-2004-x64

8

Sharing

General

Target

2f0c1e1428ffe1e6a49701c9e868b4ad_JaffaCakes118
Size

85KB
Sample

240709-fjc1esxbjm
MD5

2f0c1e1428ffe1e6a49701c9e868b4ad
SHA1

6e58844efde10feae2ff24379526791ee3f91d83
SHA256

f874732e16e1247bdcea30d08f322e0bf32a926d8007ca4a66228e26e0b8f634
SHA512

a495fe5187e5b3c9d5bf05734789f179963e26a3d14eef1e0e847d3381296a47fd428a979a2524d7a2bac28a6ef64047b1db94a2498b9c01e3bbb6aa7a74b2bc
SSDEEP

1536:JZzpf8qLOuz4wi0ipQ8f7VffnFnToIf5TR/r5ZANbWmuw8G8m:vzpUqbpUxVffntTBf5TR/r5ZANbWqr8m

Score

8^/10

persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2f0c1e1428ffe1e6a49701c9e868b4ad_JaffaCakes118.exe

Resource

win7-20240704-en

persistence vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2f0c1e1428ffe1e6a49701c9e868b4ad_JaffaCakes118.exe

Resource

win10v2004-20240704-en

persistence vmprotect

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2f0c1e1428ffe1e6a49701c9e868b4ad_JaffaCakes118
- Size
  
  85KB
- MD5
  
  2f0c1e1428ffe1e6a49701c9e868b4ad
- SHA1
  
  6e58844efde10feae2ff24379526791ee3f91d83
- SHA256
  
  f874732e16e1247bdcea30d08f322e0bf32a926d8007ca4a66228e26e0b8f634
- SHA512
  
  a495fe5187e5b3c9d5bf05734789f179963e26a3d14eef1e0e847d3381296a47fd428a979a2524d7a2bac28a6ef64047b1db94a2498b9c01e3bbb6aa7a74b2bc
- SSDEEP
  
  1536:JZzpf8qLOuz4wi0ipQ8f7VffnFnToIf5TR/r5ZANbWmuw8G8m:vzpUqbpUxVffntTBf5TR/r5ZANbWqr8m
Score

8^/10

persistence vmprotect
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2025

Terms | Privacy