General

  • Target: 6a0f0d08e1284b34782fe535464b37d3_JaffaCakes118
  • Size: 106KB
  • Sample: 240724-dv6e1avhll
  • MD5: 6a0f0d08e1284b34782fe535464b37d3
  • SHA1: 1c6232771f6afc39d537042d4114fc606d45b53e
  • SHA256: f17c0afc30175c283b7465b89c9b45a188df12cdae446b65396353296c8db0ca
  • SHA512: 0800c44b2db416f67eab3d3c8d8ac87a8e8f20b7d6629191d6c70a08446f4c980ef76759e0482ba6d78c58bad46357e57bcb54ac55826084584c83c1e0764a79
  • SSDEEP: 3072:IgXdZt9P6D3XJbCdL6Pmkv7WIoOqheQ8yABkSI:Ie344dVkv7RoVeQ0c

Score: 8/10

Targets

    • Target: 6a0f0d08e1284b34782fe535464b37d3_JaffaCakes118
    • Size: 106KB
    • MD5: 6a0f0d08e1284b34782fe535464b37d3
    • SHA1: 1c6232771f6afc39d537042d4114fc606d45b53e
    • SHA256: f17c0afc30175c283b7465b89c9b45a188df12cdae446b65396353296c8db0ca
    • SHA512: 0800c44b2db416f67eab3d3c8d8ac87a8e8f20b7d6629191d6c70a08446f4c980ef76759e0482ba6d78c58bad46357e57bcb54ac55826084584c83c1e0764a79
    • SSDEEP: 3072:IgXdZt9P6D3XJbCdL6Pmkv7WIoOqheQ8yABkSI:Ie344dVkv7RoVeQ0c

    Score: 8/10

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target: $TEMP/qwerty.dll
    • Size: 75KB
    • MD5: cca14bdf86edbfa408f1fc7dae29203d
    • SHA1: b6f9e50f93c5212d3785d634e1ff92c227537312
    • SHA256: 6bdc20e04fc1b14678c8a8ed8ff66b6a52a7bf76de8b573d269cd41d095f10dc
    • SHA512: 58e3e22f0fff2a96ab714c1d1004fdfb69528c8f0c314d9d9b15a18e2e1d5d78e0769e1fabd222f81b52207bb4e74aac80800d4c6856d94e381e31f9c5e01a85
    • SSDEEP: 768:uMdb42tYmhNz1GkJa15ZezD4jAfCUlsCSB2izLF9L6mPmrEamU2oy8K9wPFd5EbO:hfdwX15Zef4Sy1BnLLurbTy6MUlN2b96

    Score: 7/10

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
