General

  • Target

    38f151b5164d18158be1d6e3493a897d_JaffaCakes118

  • Size

    259KB

  • Sample

    240711-nns67svblq

  • MD5

    38f151b5164d18158be1d6e3493a897d

  • SHA1

    b3dd8da39983db5e8f582e1715e36b80eb51aaba

  • SHA256

    516935769ce832ae4e31e38ae0764009f90b55208710b29987f9289bd4fafc3d

  • SHA512

    94b73294bb46c4ecfd2ca32a27885c9f5ac99cfc7bce758e89d1dc7719c7dccaeef9558f96c94bfa734d603266397fa202e6f5a56401e1c497f9ce4a59fe3131

  • SSDEEP

    6144:S16bnUWDUqJDdfMixNz9z+LS0X8W3Yp/UTxNbt0O4xy4qjqYq4lH:S16bULqFdEixN0j6/Oh0nxBgqYPH

Malware Config

Targets

    • Event Triggered Execution: AppCert DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks