Overview

overview

7

Static

static

3

36644e0e2f...18.exe

windows7-x64

7

36644e0e2f...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118

  • Size

    187KB

  • Sample

    240710-zzhqdszfkk

  • MD5

    36644e0e2f9978ca12f1ac5e713d2889

  • SHA1

    29d2b9d97ce41bb68df1121cd54a2170fc2c782a

  • SHA256

    0a9be1d4052365bb249cd68e98dae1207885ea1db731248adc26ee551cbaa488

  • SHA512

    2f00d8c046cf607b581624c944362c09e55f1fe4b4ca1683cdc6da6febb1617434c6a2c373009a43b91a4d6174d10462817f3d8630e72e12f20aea5dee6415cf

  • SSDEEP

    3072:JXKgEUQ000kvZk3mT+Q3snJ/wDTPfPMoph9cI1kKy0Otgvjo4Tk0lU2GXxE9g337:5KgY0M4mTn3sJw33hF1Po4HlMxE9gHQ4

Score
7/10
persistenceprivilege_escalation

Malware Config

Targets

    • Target

      36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118

    • Size

      187KB

    • MD5

      36644e0e2f9978ca12f1ac5e713d2889

    • SHA1

      29d2b9d97ce41bb68df1121cd54a2170fc2c782a

    • SHA256

      0a9be1d4052365bb249cd68e98dae1207885ea1db731248adc26ee551cbaa488

    • SHA512

      2f00d8c046cf607b581624c944362c09e55f1fe4b4ca1683cdc6da6febb1617434c6a2c373009a43b91a4d6174d10462817f3d8630e72e12f20aea5dee6415cf

    • SSDEEP

      3072:JXKgEUQ000kvZk3mT+Q3snJ/wDTPfPMoph9cI1kKy0Otgvjo4Tk0lU2GXxE9g337:5KgY0M4mTn3sJw33hF1Po4HlMxE9gHQ4

    Score
    7/10
    persistenceprivilege_escalation

    • Deletes itself

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks