General

  • Target

    75a703059053efb81220594bd9bf4c8e_JaffaCakes118

  • Size

    56KB

  • Sample

    240726-zjw8vaxapg

  • MD5

    75a703059053efb81220594bd9bf4c8e

  • SHA1

    9289328e7513171b40ad51101e0091c79cacc9df

  • SHA256

    2db62cc6d300d7b4ab03a70d6e6724054058acbbf6ee6047c32c4f7deb0900cf

  • SHA512

    7cc7c25cd7d74ddc4b1ca180050fe3fa98f48e7a5e08ffa3d85b56e8c19cd83ed5a595560787fdae30fe6faf5e81d0f7185696d2357691887630e6caae537598

  • SSDEEP

    768:JupZtHFTf1DBfP1IDZQxEmPu/pBl980O3XBKw+EUO5uy5R7:op7Hdf1DFdIDZyRQQJnBLX9v

  • Score

    7/10

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of SetThreadContext
