General

  • Target

    677e9ab97db7c24adfb4cfcbd9d08b9c_JaffaCakes118

  • Size

    290KB

  • Sample

    240723-n38v7svgmj

  • MD5

    677e9ab97db7c24adfb4cfcbd9d08b9c

  • SHA1

    559a533a3e6cec3d4730476b28e1e75010394009

  • SHA256

    d490de05314255cb970a526326d25956ec0448b507ee770f825a5778dab48a20

  • SHA512

    9173aecfadc52f47a648295744099fd791c62e2056b1328df9d127381250d13cdfcde023f6ac8bdbed59c9cb6260b0ebc104c4a74db362911bb6d771010e8f04

  • SSDEEP

    6144:8VSEn9toc0w3z62HMaDVGgcaPYJYRHKYttOjt+yYrHDqkdvT1Uh:2SEn9toc0J9aD00QUqcOjtYTGkdb1

Malware Config

Targets

    • Target

      677e9ab97db7c24adfb4cfcbd9d08b9c_JaffaCakes118


    • Event Triggered Execution: AppCert DLLs (ATT&CK T1546.009)

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes. DLLs listed under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls are mapped into every process that calls CreateProcess, CreateProcessAsUser, CreateProcessWithLogonW, CreateProcessWithTokenW or WinExec, so one registry write gives the sample code execution in many processes. Check that key on any host that ran this sample.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (run only inside, or only outside, certain countries). A sandbox whose locale matches an excluded region may therefore show little or no payload behaviour.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
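
The AppCert DLLs signature above is the one to chase first on an affected host. What follows is an added example, not part of this sandbox report and not code from the sample: it parses a `reg export` of the AppCertDlls key and ranks each registered DLL. The registry key path and the `reg export` command are real; the sample export text and the DLL file names in it are constructed for the test, and the severity scheme is an assumption (a path under System32 is not treated as benign, since this sample also drops a file in System32).

```python
r"""Triage of an exported AppCertDlls registry key.

Added example for this report, not code from the sandbox or the sample.
On the suspect host, export the key with the real command
    reg export "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls" appcert.reg
and run:  python appcert_triage.py appcert.reg
"""
import re
import sys
from typing import Dict, List, Tuple

# Real key path. Every DLL listed here is mapped into processes that call
# CreateProcess / CreateProcessAsUser / CreateProcessWithLogonW /
# CreateProcessWithTokenW / WinExec (ATT&CK T1546.009).
APPCERT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls"

# Constructed sample export (file names invented for the test; not from the sample).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"AppSecDll"="C:\\Windows\\System32\\AppSecDll.dll"
"Updater"="C:\\Users\\Public\\Libraries\\upd.dll"
"Helper"="C:\\Windows\\System32\\d3dhelp.dll"
'''

# "name"="value" lines; .reg exports escape backslash and quote with a backslash.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(text: str) -> str:
    return re.sub(r"\\(.)", r"\1", text)


def parse_appcert_dlls(reg_text: str) -> Dict[str, str]:
    """Return {value_name: dll_path} for REG_SZ values under AppCertDlls.

    Only plain "name"="string" values are handled; hex(2): (REG_EXPAND_SZ)
    and hex: blobs are ignored, so inspect the export by hand if it has any.
    """
    entries: Dict[str, str] = {}
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == APPCERT_KEY.lower()
            continue
        if not in_key:
            continue
        match = _VALUE_RE.match(line)
        if match:
            entries[_unescape(match.group(1))] = _unescape(match.group(2))
    return entries


def triage(entries: Dict[str, str],
           system32: str = r"C:\Windows\System32") -> List[Tuple[str, str, str]]:
    """Rank entries as (severity, name, path), sorted by value name.

    The key is usually absent on a clean install, so every entry is reported.
    Assumed scheme: a path outside System32 is "high"; a path inside it is
    "review", not "benign", because a dropper can write there too.
    """
    prefix = system32.lower().rstrip("\\") + "\\"
    findings: List[Tuple[str, str, str]] = []
    for name, path in sorted(entries.items()):
        severity = "review" if path.lower().startswith(prefix) else "high"
        findings.append((severity, name, path))
    return findings


def load_reg_export(path: str) -> str:
    # reg.exe writes UTF-16LE with a BOM; the "utf-16" codec honours the BOM.
    with open(path, encoding="utf-16") as fh:
        return fh.read()


if __name__ == "__main__":
    text = load_reg_export(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REG
    for severity, name, path in triage(parse_appcert_dlls(text)):
        print(f"[{severity:6}] {name} -> {path}")
```

Run without arguments it works on the constructed export; with a path it reads the real UTF-16 file that `reg export` produces. Any hit should be followed by hashing the DLL and comparing it with the sample's dropped files, since a name that looks like a system component proves nothing.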

MITRE ATT&CK Enterprise v15
