General

  • Target

    aa4f1b3ed1750cebed7ccfc7884dc05e_JaffaCakes118

  • Size

    186KB

  • Sample

    240819-kgxdhaxdlp

  • MD5

    aa4f1b3ed1750cebed7ccfc7884dc05e

  • SHA1

    beac2d58021407b63760d06f4d97d60b7c266832

  • SHA256

    e1a4ceec9e4cacee83834ac84690dab2d2e08e02cd9cf04f9fd85dcae61c29f8

  • SHA512

    4761eb4dfdfec48397568032bf3e17608508caba5d28d96cef119470d3eaa8ea589245ad71d2c8fa8513a5642d7ccb719caba6965296e8845b829066d58477d4

  • SSDEEP

    3072:G2C9nutks+CHuZgbr0G1vspOnBXcbxRufPGVxr44b2lw2FTvUxxA1roSwN:G2CxueEJ0yvspOhy8fOjMJUDUr

Malware Config

Targets

    • Target

      aa4f1b3ed1750cebed7ccfc7884dc05e_JaffaCakes118

    • Deletes itself

      The sample removes its own executable from disk after it has run, so the copy on the analysis VM may no longer be present once the task ends; the hashes above identify the submitted file.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. Per-user COM registrations under HKCU\Software\Classes take precedence over the machine-wide ones in HKLM, so a user-writable CLSID entry that points at an attacker-controlled DLL is loaded by any non-elevated process that instantiates that object (MITRE ATT&CK T1546.015).

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was observed to servers other than the DNS resolvers configured for the analysis VM. This usually means the sample hard-codes its own resolver or is talking to a host that is not a resolver at all, so the sandbox's DNS logs may not show what was actually looked up.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, including its instruction pointer. Outside debuggers it is mostly seen when a process redirects execution in another, typically suspended, process after writing code into it, as in process hollowing and similar injection techniques.
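
The following Python script is added here as a worked example for the COM hijacking signature above; it is not part of the report and not the sandbox's own signature logic. It hunts for this persistence mechanism offline: it parses `reg export` dumps of the HKCU and HKLM CLSID keys and flags per-user InprocServer32 entries that shadow a machine-wide registration or point outside the usual install directories. The CLSIDs, paths and registry dumps in it are constructed sample data and were not observed in this sample.

```python
"""Offline triage of COM hijacking candidates from `reg export` dumps.

Added example for this report, not tooling from the sandbox. The key layout and
value encodings are the ones reg.exe emits; the CLSIDs, paths and dumps below
are constructed sample data, not entries observed in the sample.
"""
import re

# Key lines of interest: <hive>\Software\[WOW6432Node\]Classes\CLSID\{guid}\InprocServer32
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\(?:WOW6432Node\\)?"
    r"Classes\\CLSID\\(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\\InprocServer32\]$",
    re.IGNORECASE,
)
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}

# Where legitimately registered in-proc servers normally live (trailing backslash
# so that "c:\program files (x86)" is not matched by the "c:\program files" root).
TRUSTED_ROOTS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def parse_reg_export(text):
    """Return {"HKCU": {clsid: path}, "HKLM": {clsid: path}} for InprocServer32 defaults.

    Handles REG_SZ (@="...") and REG_EXPAND_SZ (@=hex(2):..., UTF-16LE) values and
    the backslash line continuations reg.exe uses for long hex values.
    """
    servers = {"HKCU": {}, "HKLM": {}}
    hive, clsid, pending = None, None, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.endswith("\\"):                     # value continues on the next line
            pending.append(line[:-1].strip())
            continue
        pending.append(line.strip())
        entry, pending = "".join(pending), []
        if entry.startswith("["):                   # any key header resets the state
            m = KEY_RE.match(entry)
            hive, clsid = (HIVES[m.group(1).upper()], m.group(2).upper()) if m else (None, None)
            continue
        if hive is None or not entry.startswith("@="):
            continue
        value = entry[2:]
        if value.startswith('"'):                   # REG_SZ with reg.exe escaping
            path = value[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        elif value.lower().startswith("hex(2):"):   # REG_EXPAND_SZ as UTF-16LE bytes
            path = bytes.fromhex(value[7:].replace(",", "")).decode("utf-16-le").rstrip("\x00")
        else:
            continue
        servers[hive][clsid] = path
    return servers


def _expand(path):
    """Lower-case the path and expand the environment variables seen in system registrations."""
    p = path.strip().strip('"').lower()
    for var, val in (("%systemroot%", "c:\\windows"), ("%windir%", "c:\\windows"),
                     ("%programfiles%", "c:\\program files")):
        p = p.replace(var, val)
    return p


def find_com_hijacks(hkcu, hklm):
    """Flag per-user InprocServer32 entries that override a machine-wide one or look out of place.

    COM consults HKCU\\Software\\Classes before HKLM\\Software\\Classes, so the
    user-writable entry wins for every non-elevated process that instantiates the object.
    """
    findings = []
    for clsid, user_path in hkcu.items():
        reasons = []
        if clsid in hklm:
            reasons.append("shadows machine-wide server " + hklm[clsid])
        if not _expand(user_path).startswith(TRUSTED_ROOTS):
            reasons.append("server outside the usual install roots")
        if reasons:
            findings.append({"clsid": clsid, "path": user_path, "reasons": reasons})
    return findings


# Constructed dumps (placeholder GUIDs and paths; not data from this sample).
HKCU_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}]
@="Sample Helper Object"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\update.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{BBBBBBBB-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\Program Files\\VendorApp\\vendor.dll"
"""

HKLM_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InprocServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\
  73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,61,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"ThreadingModel"="Both"
"""

if __name__ == "__main__":
    exports = parse_reg_export(HKCU_EXPORT + HKLM_EXPORT)
    for f in find_com_hijacks(exports["HKCU"], exports["HKLM"]):
        print(f["clsid"], f["path"], "; ".join(f["reasons"]))
```

Collect the input on the analysis VM (or from a disk image) with `reg export "HKCU\Software\Classes\CLSID" hkcu.reg` and `reg export "HKLM\Software\Classes\CLSID" hklm.reg`. Two caveats when reading the output: per-user installers legitimately register HKCU-only objects under %LOCALAPPDATA%, so a path-only hit needs a look at the DLL's signature before it is called a hijack; and elevated (high-integrity) processes ignore per-user COM registrations, so a hijack of this kind only affects processes running at medium integrity.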

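To make the "unexpected DNS network traffic destination" signature concrete, here is an added Python example (not the sandbox's detector) that re-derives it from a Zeek conn.log: every flow to port 53 whose responder is not one of the configured resolvers is reported, grouped by destination, and split into well-known public resolvers (the sample sidestepping the VM's resolver) and unknown servers on the DNS port (worth checking for C2 or tunnelling). The conn.log and the configured resolver address are constructed for the example and use documentation-range addresses; they are not traffic from this sample.

```python
"""Re-derive the "unexpected DNS destination" finding from a Zeek conn.log.

Added example for this report, not the sandbox's own detector. The conn.log below
is constructed sample traffic and the resolver list is a stand-in for whatever the
analysis VM is configured with.
"""
import ipaddress

# Well-known public resolvers. Port-53 traffic to these usually means the sample
# hard-codes its own DNS server to bypass the local resolver (and its logging).
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9", "149.112.112.112"}

SAMPLE_CONN_LOG = "\n".join([  # constructed records; not traffic from this sample
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\torig_bytes\tresp_bytes",
    "1724063000.10\tC1\t10.0.0.5\t49152\t10.0.0.1\t53\tudp\tdns\t61\t142",         # configured resolver
    "1724063001.20\tC2\t10.0.0.5\t49153\t8.8.8.8\t53\tudp\tdns\t58\t120",          # public resolver
    "1724063002.30\tC3\t10.0.0.5\t49154\t203.0.113.10\t53\ttcp\t-\t1320\t88",      # unknown host, TCP/53
    "1724063003.40\tC4\t10.0.0.5\t49155\t203.0.113.10\t53\tudp\tdns\t2048\t-",     # same host, bulky queries
    "1724063004.50\tC5\t10.0.0.5\t49156\t198.51.100.7\t443\ttcp\tssl\t900\t4100",  # not DNS, ignored
])


def parse_zeek_conn(text):
    """Return one dict per record of a tab-separated Zeek conn.log, keyed by its #fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def unexpected_dns_destinations(conn_log, configured_resolvers, dns_port=53):
    """Group port-53 flows whose responder is not a configured resolver, sorted by address."""
    allowed = {ipaddress.ip_address(r) for r in configured_resolvers}
    seen = {}
    for row in parse_zeek_conn(conn_log):
        if int(row["id.resp_p"]) != dns_port:
            continue
        dst = ipaddress.ip_address(row["id.resp_h"])
        if dst in allowed:
            continue                                # expected resolver traffic
        entry = seen.setdefault(dst, {"dst": str(dst), "flows": 0, "protocols": set(), "orig_bytes": 0})
        entry["flows"] += 1
        entry["protocols"].add(row["proto"])
        entry["orig_bytes"] += 0 if row["orig_bytes"] == "-" else int(row["orig_bytes"])
    for entry in seen.values():
        entry["protocols"] = sorted(entry["protocols"])
        entry["classification"] = (
            "public resolver: hard-coded DNS server sidesteps the VM resolver and its logs"
            if entry["dst"] in PUBLIC_RESOLVERS
            else "unknown server on the DNS port: check for C2 or DNS tunnelling"
        )
    return [seen[dst] for dst in sorted(seen)]


if __name__ == "__main__":
    for hit in unexpected_dns_destinations(SAMPLE_CONN_LOG, ["10.0.0.1"]):
        print(hit)
```

The outbound byte totals are kept because a bulky, mostly outbound stream to a non-resolver on port 53 is the usual shape of DNS tunnelling; the script does not parse the queries themselves, so pair it with dns.log (or the sandbox's DNS capture) for the names involved.
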
MITRE ATT&CK Enterprise v15

Tasks