General

  • Target

    64c16161cfcc8ce051bae5871889fcfb_JaffaCakes118

  • Size

    1004KB

  • Sample

    240722-zl9xqaxeke

  • MD5

    64c16161cfcc8ce051bae5871889fcfb

  • SHA1

    667395e5fbd2e820acbbc59ab47700308f532f3b

  • SHA256

    8610a8d38c59bf95631025c741c3a2ab93192eb3a39249f609ae6325ee9b2110

  • SHA512

    c920924dd32d944924b169f6f975e52f538632aca7b0bc82abce175f139aefb9dd79b42c1ed3d919b0f696164b8dfe8e6403f39e041e6a49d3d391ec2646ae41

  • SSDEEP

    24576:UYV5z38cVDaf+gMSyBPRZ7H3u7t5hqL+N7biibM8GPcxtvvySQu:Xz386DOhIB/H3uRqLgbMV0tvx

Score
7/10

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks