General

  • Target

    69e1e9e431b2759be7bdd668268dfe78_JaffaCakes118

  • Size

    77KB

  • Sample

    240724-cnmtmssemr

  • MD5

    69e1e9e431b2759be7bdd668268dfe78

  • SHA1

    da6c6b7b46f17511cdfa6fff6a4e6a41afe65940

  • SHA256

    0ff456077cf66d20ef08d5bcd810d6a16f68bdcbcd909a6721672cde5c4a0070

  • SHA512

    b1762f5bd9267436c012e894d296835bac64b4dd59554270383039fa56cd947ed7d619103e5b1d16eb3c4e4d21a80aa34ee2361d777f402a93df736ee7a14bf8

  • SSDEEP

    1536:uw4zKFY6bW9RX4jIRblotNxSXxRMrUOCA1BF02k+GP7xzeyhAOulU:uw4zKFY6qXuIRcNgwLzF1k1P7xzeVOum

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
