General

  • Target

    b7f04940ac2fabca550f430836412d6d_JaffaCakes118

  • Size

    936KB

  • Sample

    240822-rf38zstdqq

  • MD5

    b7f04940ac2fabca550f430836412d6d

  • SHA1

    185f84ad325bbad8ec9279a4a7535eda77730b48

  • SHA256

    b28cdf2e86c33a54631ef50b1912d4d56b4fd595005e6bb5285d2e7fb29b1fe6

  • SHA512

    490d89991002522391e1170fb3b958243c742da1d589e4f2b5c88059d6e0b756ed647e8007146cb3f4baa06d979a99c7521b28e7e3066026a76555a26e863677

  • SSDEEP

    12288:ZM/izMGtHotQ9piFEhwkdiwz8mJ3DcKT2R2pi++krKZjilvhs5T0Iw5pr58bpUm:ZM+iGNi6JzcK6RqhLboClj5e

Malware Config

Targets

    • Target

      b7f04940ac2fabca550f430836412d6d_JaffaCakes118

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload only runs in (or avoids) certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks