Overview

overview

10

Static

static

3

a325b996f0...18.exe

windows7-x64

10

a325b996f0...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    a325b996f00c1cbe2bd390f654def49d_JaffaCakes118

  • Size

    392KB

  • Sample

    240817-s8elrswflr

  • MD5

    a325b996f00c1cbe2bd390f654def49d

  • SHA1

    22699dade8686139f0e596a856af932229b1b391

  • SHA256

    49dc8f287e1e7f7a52da62c0ba4dc98a0214e170f5059a3fde7ab11e038acf2c

  • SHA512

    1819f10f12e2aefd2cbea04a14615ec0bf2db8ee64bd0d977a13977a34cb8f770897e38253ab29e6bf88c623381dd9d1bc7558ddaa5c6581d6db252cd9574c11

  • SSDEEP

    12288:wGGmLdw5YRXnFb4iiXJo/VqiGFIG2oNw5qQ:wGGEdwORVb4iiX2tzGyG2oyt

Score
10/10
discoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      a325b996f00c1cbe2bd390f654def49d_JaffaCakes118

    • Size

      392KB

    • MD5

      a325b996f00c1cbe2bd390f654def49d

    • SHA1

      22699dade8686139f0e596a856af932229b1b391

    • SHA256

      49dc8f287e1e7f7a52da62c0ba4dc98a0214e170f5059a3fde7ab11e038acf2c

    • SHA512

      1819f10f12e2aefd2cbea04a14615ec0bf2db8ee64bd0d977a13977a34cb8f770897e38253ab29e6bf88c623381dd9d1bc7558ddaa5c6581d6db252cd9574c11

    • SSDEEP

      12288:wGGmLdw5YRXnFb4iiXJo/VqiGFIG2oNw5qQ:wGGEdwORVb4iiX2tzGyG2oyt

    Score
    10/10
    discoveryevasionpersistencetrojan

    • Windows security bypass

      evasiontrojan

    • Disables taskbar notifications via registry modification

      evasion

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks