c28384feb8d622682c10e81da44448c226638a7fed9b531ab7a5f652c55b3e1a | Triage

Submit
Reports

Overview

overview

Static

static

7

d3e517e198...18.exe

windows7-x64

d3e517e198...18.exe

windows10-2004-x64

7

Sharing

General

Target

d3e517e198379ed5b8faf580bef47961_JaffaCakes118
Size

248KB
Sample

240908-jtl8maxakd
MD5

d3e517e198379ed5b8faf580bef47961
SHA1

5daf25a32e1a3f8dbbf14d488487c0175d266d60
SHA256

c28384feb8d622682c10e81da44448c226638a7fed9b531ab7a5f652c55b3e1a
SHA512

3902b8f850c5d1242840f7c61d38b677a7d98356097c939dd2f06ed9d18f1391784775ca213b1d3cf5a1e661f2d79a14f250bbfb8202124646ac89e451b0d162
SSDEEP

6144:5Qscj0zoT9nfNARb+m4hOZTIpZh3usSoSVGM:yQzoT9fNAcmeV4xoS

Score

10^/10

discovery persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d3e517e198379ed5b8faf580bef47961_JaffaCakes118.exe

Resource

win7-20240903-en

discovery persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3e517e198379ed5b8faf580bef47961_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3e517e198379ed5b8faf580bef47961_JaffaCakes118
- Size
  
  248KB
- MD5
  
  d3e517e198379ed5b8faf580bef47961
- SHA1
  
  5daf25a32e1a3f8dbbf14d488487c0175d266d60
- SHA256
  
  c28384feb8d622682c10e81da44448c226638a7fed9b531ab7a5f652c55b3e1a
- SHA512
  
  3902b8f850c5d1242840f7c61d38b677a7d98356097c939dd2f06ed9d18f1391784775ca213b1d3cf5a1e661f2d79a14f250bbfb8202124646ac89e451b0d162
- SSDEEP
  
  6144:5Qscj0zoT9nfNARb+m4hOZTIpZh3usSoSVGM:yQzoT9fNAcmeV4xoS
Score

10^/10

discovery persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

© 2018-2024

Terms | Privacy