General

  • Target

    899716818a53b0129851f6a6507b06d4_JaffaCakes118

  • Size

    244KB

  • Sample

    240811-jrtjxs1epk

  • MD5

    899716818a53b0129851f6a6507b06d4

  • SHA1

    26164f871c2bbf29181bff7356b4bf9c89990176

  • SHA256

    fd88e41684fc72d837792a7f2542504c0b58d8fd5953f24737ec542ce46a7b72

  • SHA512

    c36ecf60efee84db1432cd5191a5d8904e6bc2c246baad3b8b7fc0240cd4e62e57affdca19a0166be4c1c7d313ea68e1e9cab83adf9acfc02318153d0421b1da

  • SSDEEP

    6144:xcmb9v646MkD6KqzyIAmaQHCyTNIEBH6:xcs64VTAmuynBH6

Malware Config

Targets

    • Event Triggered Execution: AppCert DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks