General

  • Target

    b8fef4fc1c25c304b4a9ca1fe9b04b65_JaffaCakes118

  • Size

    40KB

  • Sample

    240822-y1b4kayckr

  • MD5

    b8fef4fc1c25c304b4a9ca1fe9b04b65

  • SHA1

    8faf42b90a115e56ed2bffbca03fd61530f61d45

  • SHA256

    43119b3a95989cb18dd0f1acc334c886e95b1d469715eb78cf9767abd51ce64b

  • SHA512

    1a0ff183233269a05f0c0c45a69fb93c940e69bc8657c9a081b7f91a562e8364ce011becacf7f1ac9bfeb033cefdad59d38cf3b328df6034710976c9889c175b

  • SSDEEP

    768:fvO9SUNVvzFGd4pkfTas4AeVdpOwYGn+bhFPy7dxVZBZ6LZ2zPgtyO4ZbOPIHi:O91GUkus4PdhYBlFUoLZ2zPg68IHi

Malware Config

Targets

    • Target

      b8fef4fc1c25c304b4a9ca1fe9b04b65_JaffaCakes118

    • Size

      40KB

    • MD5

      b8fef4fc1c25c304b4a9ca1fe9b04b65

    • SHA1

      8faf42b90a115e56ed2bffbca03fd61530f61d45

    • SHA256

      43119b3a95989cb18dd0f1acc334c886e95b1d469715eb78cf9767abd51ce64b

    • SHA512

      1a0ff183233269a05f0c0c45a69fb93c940e69bc8657c9a081b7f91a562e8364ce011becacf7f1ac9bfeb033cefdad59d38cf3b328df6034710976c9889c175b

    • SSDEEP

      768:fvO9SUNVvzFGd4pkfTas4AeVdpOwYGn+bhFPy7dxVZBZ6LZ2zPgtyO4ZbOPIHi:O91GUkus4PdhYBlFUoLZ2zPg68IHi

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect 1.3x - 1.4x DLL packer/protector.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (run only, or not at all, in particular countries).

    • Deletes itself

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Modifies WinLogon

    • Drops file in System32 directory
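
The hash set in the General section and the "UPX packed file" and "Modifies WinLogon" signatures above correspond to checks an analyst reproduces locally before or after a sandbox run. The script below is an added example, not part of the original report or of the sandbox's own signature code. It computes the same four digests the report lists, parses the PE section table and flags the default UPX section names, and compares Winlogon Shell/Userinit values against their stock defaults. The minimal PE image it builds and the Winlogon value dictionaries are constructed for the example; the sample itself is not embedded. The UPX check is a heuristic: a modified UPX build or a second protector layered on top (this report also matches ACProtect) can rename or hide the UPX0/UPX1 sections, so a negative result does not mean the file is unpacked.

```python
import hashlib
import struct

# Hash set in the order the report lists it (MD5, SHA1, SHA256, SHA512).
def hash_set(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }

# Walk DOS header -> PE signature -> COFF header -> section table and
# return the section names. Raises ValueError on anything that is not a
# well-formed PE, so truncated or non-PE input is reported, not misread.
def pe_section_names(data: bytes) -> list:
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

# Heuristic only: stock UPX names its sections UPX0/UPX1 (and UPX2 for
# resources); modified builds and layered protectors may rename them.
def looks_upx_packed(section_names: list) -> bool:
    return any(name.startswith("UPX") for name in section_names)

# Default values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
# Malware that "Modifies WinLogon" typically appends its own path to one of these
# so it is launched at every logon. Comparison is case-insensitive because the
# stock Userinit path appears with varying case across Windows builds.
_WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,", r"c:\windows\system32\userinit.exe"},
}

def winlogon_deviations(values: dict) -> dict:
    """Return {value_name: observed} for Shell/Userinit entries that differ from defaults."""
    bad = {}
    for key, defaults in _WINLOGON_DEFAULTS.items():
        observed = values.get(key)
        if observed is None:
            continue
        if observed.strip().lower() not in defaults:
            bad[key] = observed
    return bad

# Constructed minimal PE32 image (assumption for the example): 64-byte DOS stub,
# PE signature at 0x40, 20-byte COFF header, 96-byte optional header, then the
# requested section headers with only the Name field populated.
def build_minimal_pe(section_names: list) -> bytes:
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = b"\x0b\x01" + b"\0" * 94                      # Magic 0x10B (PE32), rest zeroed
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections

def triage(data: bytes) -> dict:
    names = pe_section_names(data)
    return {"hashes": hash_set(data), "sections": names, "upx": looks_upx_packed(names)}

if __name__ == "__main__":
    sample = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print(triage(sample))
    # Constructed Winlogon values, as an export or live read would yield them.
    print(winlogon_deviations({"shell": "explorer.exe",
                               "userinit": r"C:\Windows\system32\userinit.exe,C:\Windows\System32\evil.dll"}))
```

To run the Winlogon check against a live host, read the Shell and Userinit values with `winreg.OpenKey`/`winreg.QueryValueEx` under the key named in the comment and pass them to `winlogon_deviations`; the function deliberately flags any extra path appended after the default `userinit.exe,` entry rather than only a full replacement, since appending is the common persistence pattern.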

MITRE ATT&CK Enterprise v15

Tasks