Overview

overview

10

Static

static

7

a05933a2cf...18.exe

windows7-x64

10

a05933a2cf...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    a05933a2cf1a7257c022fc449dd55f61_JaffaCakes118

  • Size

    254KB

  • Sample

    240816-3cp3qstdqa

  • MD5

    a05933a2cf1a7257c022fc449dd55f61

  • SHA1

    41a4ceff42a5da922a4baaa78c1379c9204ec1be

  • SHA256

    85cf8a5d87779b556a567c5da43ec3bcb70e71c4f6c5952aa1bf602eeea0c017

  • SHA512

    65a8513d5416355c40d14de31757917f6ba45de1dd491203534141afba1f0667059d6f662f43038cce36dce2a1a46f3ac8af1d08ab9621d0b246929a0539357d

  • SSDEEP

    6144:TR4zBrEHaJxdcZucchjxgXf3be+0x+h2snQ:Tar7HSZucajSXvb+xq/

Score
10/10
discoverypersistenceupx

Malware Config

Targets

    • Target

      a05933a2cf1a7257c022fc449dd55f61_JaffaCakes118

    • Size

      254KB

    • MD5

      a05933a2cf1a7257c022fc449dd55f61

    • SHA1

      41a4ceff42a5da922a4baaa78c1379c9204ec1be

    • SHA256

      85cf8a5d87779b556a567c5da43ec3bcb70e71c4f6c5952aa1bf602eeea0c017

    • SHA512

      65a8513d5416355c40d14de31757917f6ba45de1dd491203534141afba1f0667059d6f662f43038cce36dce2a1a46f3ac8af1d08ab9621d0b246929a0539357d

    • SSDEEP

      6144:TR4zBrEHaJxdcZucchjxgXf3be+0x+h2snQ:Tar7HSZucajSXvb+xq/

    Score
    10/10
    discoverypersistenceupx

    • Modifies WinLogon for persistence

      persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks