Overview

overview

8

Static

static

3

64095186bc...18.exe

windows7-x64

8

64095186bc...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    64095186bc8b3292829f8daafcdb22c4_JaffaCakes118

  • Size

    16KB

  • Sample

    240722-vmtvnsycpq

  • MD5

    64095186bc8b3292829f8daafcdb22c4

  • SHA1

    b03d89818656c518d03be50925f8cb932ed45ec9

  • SHA256

    cfa62dbb5442e6ec3bfa51fdb73b7bf34bbbf93594cb87417677df5e99fc7962

  • SHA512

    7a408629040c3264dab35391cb0dcdfc0f0a1f429871fe69868c51589b56c5a593f32b8ad4c62fcdba776c55fcab7c1ac6dd152d8c186e4b67dc269e1109ae97

  • SSDEEP

    384:DWwMFN6EU34XbW0Pv5yNWWHY4cYdZWqtLV:NMFN7UIXVO5dZWsV

Score
8/10
evasionexecutionpersistence

Malware Config

Targets

    • Target

      64095186bc8b3292829f8daafcdb22c4_JaffaCakes118

    • Size

      16KB

    • MD5

      64095186bc8b3292829f8daafcdb22c4

    • SHA1

      b03d89818656c518d03be50925f8cb932ed45ec9

    • SHA256

      cfa62dbb5442e6ec3bfa51fdb73b7bf34bbbf93594cb87417677df5e99fc7962

    • SHA512

      7a408629040c3264dab35391cb0dcdfc0f0a1f429871fe69868c51589b56c5a593f32b8ad4c62fcdba776c55fcab7c1ac6dd152d8c186e4b67dc269e1109ae97

    • SSDEEP

      384:DWwMFN6EU34XbW0Pv5yNWWHY4cYdZWqtLV:NMFN7UIXVO5dZWsV

    Score
    8/10
    evasionexecutionpersistence

    • Creates new service(s)

      persistenceexecution

    • Server Software Component: Terminal Services DLL

      persistence

    • Stops running service(s)

      evasionexecution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks