Overview

overview

10

Static

static

7

688dee4f20...18.exe

windows7-x64

10

688dee4f20...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    688dee4f2057a90ce1b5879be7cb0b47_JaffaCakes118

  • Size

    239KB

  • Sample

    240723-v6b4za1enr

  • MD5

    688dee4f2057a90ce1b5879be7cb0b47

  • SHA1

    4ab5e9522dacfb3755b615778fd5a9d4ce730773

  • SHA256

    2953c6b61d62a95d904baa4a33731128940db283ddea5cebf9ac2b308fdfb703

  • SHA512

    acb9cbd5e59ae6aee4ca6cf779607b24f30e1dd93594ffa115462f4d9d4335d76b72060ba6e3dc03194b4f1c10e3ef942bd0571a8256bed7f302a31526686bbb

  • SSDEEP

    6144:Box5TDrw7XlguLM2z0Rjha0fVBzhFTKASWHQayoMmzL:WM7XljLM2UtvdZhFTKPA3DMmzL

Score
10/10
discoveryevasionpersistenceupx

Malware Config

Targets

    • Target

      688dee4f2057a90ce1b5879be7cb0b47_JaffaCakes118

    • Size

      239KB

    • MD5

      688dee4f2057a90ce1b5879be7cb0b47

    • SHA1

      4ab5e9522dacfb3755b615778fd5a9d4ce730773

    • SHA256

      2953c6b61d62a95d904baa4a33731128940db283ddea5cebf9ac2b308fdfb703

    • SHA512

      acb9cbd5e59ae6aee4ca6cf779607b24f30e1dd93594ffa115462f4d9d4335d76b72060ba6e3dc03194b4f1c10e3ef942bd0571a8256bed7f302a31526686bbb

    • SSDEEP

      6144:Box5TDrw7XlguLM2z0Rjha0fVBzhFTKASWHQayoMmzL:WM7XljLM2UtvdZhFTKPA3DMmzL

    Score
    10/10
    discoveryevasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks