General

  • Target

    bac0b9b7b39bcd9524e6d7cd6bb8681a_JaffaCakes118

  • Size

    12KB

  • Sample

    240823-hswj8sshqj

  • MD5

    bac0b9b7b39bcd9524e6d7cd6bb8681a

  • SHA1

    ccfb1039be0296335d6a21f6abfed8ea53a58fae

  • SHA256

    51a139835bd2fa8a8f6e8f1fcd6c331f5128114f7bd2d9c1c24f6f0ecb50286b

  • SHA512

    b5e929ba5e40469094246e7e1bdda5445e86cc4be641a8efbf2ef4bfa2a0baa90b7b8e12338304963c7844e058c4b6b975b3833741ca3b218e6994df9fc6a806

  • SSDEEP

    192:Rpn5Hvx9kUYCh3ZF5Lrrl4aSm0d8etJ4arw7Y0wkm6rcgx6OsmjoNL927aYVFe0k:D5Hvx9kUlh3ZF5Lr2axWiJcgx6OsmjJ4

Malware Config

Targets

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks