Overview

overview

7

Static

static

3

81c36b059e...18.exe

windows7-x64

7

81c36b059e...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81c36b059e1a6a1aca07cd37a28a02db_JaffaCakes118

  • Size

    217KB

  • Sample

    240801-zshrtazhqg

  • MD5

    81c36b059e1a6a1aca07cd37a28a02db

  • SHA1

    ec15ccfd6da7d837cc4cfabd7a59fd3c21d424ac

  • SHA256

    f859131ad0bd17c647f2cb6c3eb31f334ff27ce825546f89ee443bf3e7d0823d

  • SHA512

    689f572ca653c20a07bbe83f052a200ef706c2d03b9371425c29f1e69cde5f90a8e3ccd603b0e56694443e7ff7ee51e0c777fdad6918ec7f101915ef49fd37bd

  • SSDEEP

    6144:yw2S2iMNBKx3HiKfjztUhzTuVfkfsn7J:yA3MoHXmfsfkfsn7J

Score
7/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      81c36b059e1a6a1aca07cd37a28a02db_JaffaCakes118

    • Size

      217KB

    • MD5

      81c36b059e1a6a1aca07cd37a28a02db

    • SHA1

      ec15ccfd6da7d837cc4cfabd7a59fd3c21d424ac

    • SHA256

      f859131ad0bd17c647f2cb6c3eb31f334ff27ce825546f89ee443bf3e7d0823d

    • SHA512

      689f572ca653c20a07bbe83f052a200ef706c2d03b9371425c29f1e69cde5f90a8e3ccd603b0e56694443e7ff7ee51e0c777fdad6918ec7f101915ef49fd37bd

    • SSDEEP

      6144:yw2S2iMNBKx3HiKfjztUhzTuVfkfsn7J:yA3MoHXmfsfkfsn7J

    Score
    7/10
    discoverypersistenceprivilege_escalation

    • Deletes itself

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks