a4c8599bd7d7bec3165eb6e505a2bc5a0d40fbc0d6fccbb3c54de7c863d0f983 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

7456ef5009...18.exe

windows7-x64

7

7456ef5009...18.exe

windows10-2004-x64

7

Sharing

General

Target

7456ef5009b71796d7c88f906fd085b5_JaffaCakes118
Size

345KB
Sample

240726-q7kqaa1hnm
MD5

7456ef5009b71796d7c88f906fd085b5
SHA1

b53acc53e78f27ca8df55e73c0dd1e1e419b0b19
SHA256

a4c8599bd7d7bec3165eb6e505a2bc5a0d40fbc0d6fccbb3c54de7c863d0f983
SHA512

fce36020c799fbd7d3efe3eed7907a958914bc8f326c27436464d7aaa0812bad492f15674acc97b08a4d312381a5fd81c006926ffbc31c05558e7748d86bed37
SSDEEP

6144:f8R4vZ5tMMFUMK4wBgFb1TLd81X04RxiFD14xXRNXMbl2C8P2:ERmXtMFMvwmb1TLK1/STKErb

Score

7^/10

defense_evasion discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7456ef5009b71796d7c88f906fd085b5_JaffaCakes118.exe

Resource

win7-20240704-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

7456ef5009b71796d7c88f906fd085b5_JaffaCakes118.exe

Resource

win10v2004-20240709-en

defense_evasion discovery upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  7456ef5009b71796d7c88f906fd085b5_JaffaCakes118
- Size
  
  345KB
- MD5
  
  7456ef5009b71796d7c88f906fd085b5
- SHA1
  
  b53acc53e78f27ca8df55e73c0dd1e1e419b0b19
- SHA256
  
  a4c8599bd7d7bec3165eb6e505a2bc5a0d40fbc0d6fccbb3c54de7c863d0f983
- SHA512
  
  fce36020c799fbd7d3efe3eed7907a958914bc8f326c27436464d7aaa0812bad492f15674acc97b08a4d312381a5fd81c006926ffbc31c05558e7748d86bed37
- SSDEEP
  
  6144:f8R4vZ5tMMFUMK4wBgFb1TLd81X04RxiFD14xXRNXMbl2C8P2:ERmXtMFMvwmb1TLK1/STKErb
Score

7^/10

discovery upx defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryupx

© 2018-2024

Terms | Privacy