Overview

overview

8

Static

static

7

aa77270941...18.exe

windows7-x64

8

aa77270941...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    aa7727094167a9c024cbe84666ef8ea5_JaffaCakes118

  • Size

    12KB

  • Sample

    240819-lex3pawdpg

  • MD5

    aa7727094167a9c024cbe84666ef8ea5

  • SHA1

    9b54e657bf134e85d638c4193be8d35d7943c0af

  • SHA256

    eb20eb00d780427d2f36fbe8e017898cdf092b1d7050277f58440ee127ef68fc

  • SHA512

    abae4dc5d6e3bfb617dbfba0de1304c401ae0bb6fe5b0dbe61160dda7701bf0d69125a8b388cf8b13490b6d37888a44f7f88d4b4aa9e22791d11ec96cd7f7503

  • SSDEEP

    384:TQSvizwTqg91x6tARzB9/IkDEul1E6LY:TQlzyqg9xB1IQEupL

Score
8/10
discoverypersistenceprivilege_escalationupx

Malware Config

Targets

    • Target

      aa7727094167a9c024cbe84666ef8ea5_JaffaCakes118

    • Size

      12KB

    • MD5

      aa7727094167a9c024cbe84666ef8ea5

    • SHA1

      9b54e657bf134e85d638c4193be8d35d7943c0af

    • SHA256

      eb20eb00d780427d2f36fbe8e017898cdf092b1d7050277f58440ee127ef68fc

    • SHA512

      abae4dc5d6e3bfb617dbfba0de1304c401ae0bb6fe5b0dbe61160dda7701bf0d69125a8b388cf8b13490b6d37888a44f7f88d4b4aa9e22791d11ec96cd7f7503

    • SSDEEP

      384:TQSvizwTqg91x6tARzB9/IkDEul1E6LY:TQlzyqg9xB1IQEupL

    Score
    8/10
    discoverypersistenceprivilege_escalationupx

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

      persistenceprivilege_escalation

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks