Overview

overview

8

Static

static

3

a179654add...18.exe

windows7-x64

8

a179654add...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    a179654adde971fc4ddbcf6db29ded1e_JaffaCakes118

  • Size

    50KB

  • Sample

    240817-gx786athrn

  • MD5

    a179654adde971fc4ddbcf6db29ded1e

  • SHA1

    9b9122f9203d3cede00911314857efc349f95831

  • SHA256

    24ab9b3d649551d109430e86b25169d41967fb73f42a296def609853996ee5f7

  • SHA512

    3b60e530a53fcaaf863d008ae6938c4e57e37956f149739d85e85543ccc847c2b8eef31a2e0dc00f656c5998dae96a8e30f78d90b4a01531b25b2c3f8d935322

  • SSDEEP

    1536:ERX2lV62en/N5IrKRXOIgZVm0OvL78/NbNm7p+M/:ERXo6xn/NQYHo6T7mmN+E

Score
8/10
defense_evasiondiscoverypersistence

Malware Config

Targets

    • Target

      a179654adde971fc4ddbcf6db29ded1e_JaffaCakes118

    • Size

      50KB

    • MD5

      a179654adde971fc4ddbcf6db29ded1e

    • SHA1

      9b9122f9203d3cede00911314857efc349f95831

    • SHA256

      24ab9b3d649551d109430e86b25169d41967fb73f42a296def609853996ee5f7

    • SHA512

      3b60e530a53fcaaf863d008ae6938c4e57e37956f149739d85e85543ccc847c2b8eef31a2e0dc00f656c5998dae96a8e30f78d90b4a01531b25b2c3f8d935322

    • SSDEEP

      1536:ERX2lV62en/N5IrKRXOIgZVm0OvL78/NbNm7p+M/:ERXo6xn/NQYHo6T7mmN+E

    Score
    8/10
    defense_evasiondiscoverypersistence

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Executes dropped EXE

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    • Hide Artifacts: Hidden Users

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks