032992a2c3636dfdc9f7c7aa6c1e8d04b5b1c99317f715498b4eedb97edb5c99 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

a4630b8b13...18.dll

windows7-x64

8

a4630b8b13...18.dll

windows10-2004-x64

8

Sharing

General

Target

a4630b8b13e400225be47aabed4d7f3c_JaffaCakes118
Size

88KB
Sample

240817-2d11ystcmj
MD5

a4630b8b13e400225be47aabed4d7f3c
SHA1

83cf550d335caf9f22445d5e31e4ce71761a958e
SHA256

032992a2c3636dfdc9f7c7aa6c1e8d04b5b1c99317f715498b4eedb97edb5c99
SHA512

001abf025cf015f42e6f0b6036fcec48c3b8d82e400cece53964caa54c6714d0d83affc79007b1433a53f78d451e54f847257c303dfb34d74eb0ce79e6f3b2c2
SSDEEP

1536:Fe15QNfXIn5MKqf6X6yMYlnsBcdEjJ9slp1uxbQf+F8reqDWIqruSqhGsbXvr:Fui1RNisYFsBRj3VFQM9qCILHVXv

Score

8^/10

discovery evasion persistence privilege_escalation upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a4630b8b13e400225be47aabed4d7f3c_JaffaCakes118.dll

Resource

win7-20240704-en

discovery evasion persistence privilege_escalation upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a4630b8b13e400225be47aabed4d7f3c_JaffaCakes118.dll

Resource

win10v2004-20240802-en

discovery evasion persistence privilege_escalation upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  a4630b8b13e400225be47aabed4d7f3c_JaffaCakes118
- Size
  
  88KB
- MD5
  
  a4630b8b13e400225be47aabed4d7f3c
- SHA1
  
  83cf550d335caf9f22445d5e31e4ce71761a958e
- SHA256
  
  032992a2c3636dfdc9f7c7aa6c1e8d04b5b1c99317f715498b4eedb97edb5c99
- SHA512
  
  001abf025cf015f42e6f0b6036fcec48c3b8d82e400cece53964caa54c6714d0d83affc79007b1433a53f78d451e54f847257c303dfb34d74eb0ce79e6f3b2c2
- SSDEEP
  
  1536:Fe15QNfXIn5MKqf6X6yMYlnsBcdEjJ9slp1uxbQf+F8reqDWIqruSqhGsbXvr:Fui1RNisYFsBRj3VFQM9qCILHVXv
Score

8^/10

discovery evasion persistence privilege_escalation upx
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationupx

behavioral2

discoveryevasionpersistenceprivilege_escalationupx

© 2018-2024

Terms | Privacy