Overview

overview

8

Static

static

7

95f432aa7f...18.exe

windows7-x64

8

95f432aa7f...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95f432aa7f2104f1acc02d1843c81694_JaffaCakes118

  • Size

    295KB

  • Sample

    240814-nsp1cavdjq

  • MD5

    95f432aa7f2104f1acc02d1843c81694

  • SHA1

    4ec46f7583acea88473ea9bff41876c3861410d0

  • SHA256

    693f8570691799f05ec5e92dac6dcd69bd77bac571b3448bbecee5fcc8aa0b47

  • SHA512

    69bd8c87c8eada1db5f63c2d6694897754ed26cb651bc611b23c44d64d0e878932ceb8c2abe7a5281179fc40a232fce0a2394dd17366553c7943b59e7d1a120c

  • SSDEEP

    6144:6W8QcOWX/ZGw5jL3CDUm0+CUdwtoPoT0lvf9ePTNJM+0tqIKRQK:6bQZCAUdQGoPoTsvf8jatRKRF

Score
8/10
discoverypersistenceupx

Malware Config

Targets

    • Target

      95f432aa7f2104f1acc02d1843c81694_JaffaCakes118

    • Size

      295KB

    • MD5

      95f432aa7f2104f1acc02d1843c81694

    • SHA1

      4ec46f7583acea88473ea9bff41876c3861410d0

    • SHA256

      693f8570691799f05ec5e92dac6dcd69bd77bac571b3448bbecee5fcc8aa0b47

    • SHA512

      69bd8c87c8eada1db5f63c2d6694897754ed26cb651bc611b23c44d64d0e878932ceb8c2abe7a5281179fc40a232fce0a2394dd17366553c7943b59e7d1a120c

    • SSDEEP

      6144:6W8QcOWX/ZGw5jL3CDUm0+CUdwtoPoT0lvf9ePTNJM+0tqIKRQK:6bQZCAUdQGoPoTsvf8jatRKRF

    Score
    8/10
    discoverypersistenceupx

    • Server Software Component: Terminal Services DLL

      persistence

    • Sets service image path in registry

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks