General

  • Target

    3ed2f2b13b855cf6e6909d09bcdfb930_JaffaCakes118

  • Size

    175KB

  • Sample

    240712-zkwzgasalf

  • MD5

    3ed2f2b13b855cf6e6909d09bcdfb930

  • SHA1

    7a89eb6be366fa15bc94ef7e43d1dc41d01a3b47

  • SHA256

    e706a27c8befbc22029aa2f33c5f8c51be52a42c05cdf414d06633e6ae153c6a

  • SHA512

    3a50266edb850f264a05d4dcd1b65839e3f9ff4c4948a519081765f67f9c25959405226fb3d6236b5f5cce464078ef1a5b9aa0fbd3cc3e505c505bca85a23364

  • SSDEEP

    3072:LXpnGI9NAlzZsAKEJgf4U3r9Ui9NuOVCSEAOlfPTsrcbEv2NmDxylGdkS50B4:LZ99NAltsAKEjUJUiLuOVPOlfPwhvym2

Targets

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Looks for VMWare Tools registry key

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15