Overview

overview

10

Static

static

3

4447daff35...18.exe

windows7-x64

10

4447daff35...18.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4447daff35b2a06aa5fb587c0848d102_JaffaCakes118

  • Size

    661KB

  • Sample

    240714-exhmdsyerc

  • MD5

    4447daff35b2a06aa5fb587c0848d102

  • SHA1

    f0cb21f70356cf517c121c23b93d70485d98b96c

  • SHA256

    01de343221f5e2225a4d99e4bb474eee555f89e27176ff7380b4300bf20bbc55

  • SHA512

    74a2de4ee690f8218fdfe70594ece281e17273f00cf6fc3bc5f25f48a5e003b086d95328dbcf11e9f718a79d274da360cd3c4fd36ec5dbaef20f43813d93654e

  • SSDEEP

    12288:aqS0ooP+uwLNWV/uw1ek0vf/wQm4g946T/5QzAg2pVpNuVupGXV09dhEa/8QG:Vgq+58hZ9UfZm9fQAg2DUupGeRm

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      4447daff35b2a06aa5fb587c0848d102_JaffaCakes118

    • Size

      661KB

    • MD5

      4447daff35b2a06aa5fb587c0848d102

    • SHA1

      f0cb21f70356cf517c121c23b93d70485d98b96c

    • SHA256

      01de343221f5e2225a4d99e4bb474eee555f89e27176ff7380b4300bf20bbc55

    • SHA512

      74a2de4ee690f8218fdfe70594ece281e17273f00cf6fc3bc5f25f48a5e003b086d95328dbcf11e9f718a79d274da360cd3c4fd36ec5dbaef20f43813d93654e

    • SSDEEP

      12288:aqS0ooP+uwLNWV/uw1ek0vf/wQm4g946T/5QzAg2pVpNuVupGXV09dhEa/8QG:Vgq+58hZ9UfZm9fQAg2DUupGeRm

    Score
    10/10
    evasionpersistencetrojan

    • Windows security bypass

      evasiontrojan

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks