Overview

overview

10

Static

static

3

d5d7393c19...18.exe

windows7-x64

10

d5d7393c19...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    d5d7393c19e1b6f39bb89dc47e0945ae_JaffaCakes118

  • Size

    744KB

  • Sample

    240909-hyvvwsygpf

  • MD5

    d5d7393c19e1b6f39bb89dc47e0945ae

  • SHA1

    2dd3497c19e5736a191d0cb3c5854f2438ab4525

  • SHA256

    3e01f37e7a320acac8a85f4ff3d7365b6ead99b51d5920677608c5ebd5db2096

  • SHA512

    ecaf4e7d2355c3ef26abbe30365c8ea20bf21e9821942ce3dd77ef597d422bbb6507c1cc485fcb3a615213fdea75bf33a57917246cc8c8148bab793d7719db6c

  • SSDEEP

    12288:e5QdnlA3RciWnRfKZiRQHt3yxREUJooCXJPBmP7/tISG:e663RcT9KMReyxREUJoxZZo/tI

Score
10/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      d5d7393c19e1b6f39bb89dc47e0945ae_JaffaCakes118

    • Size

      744KB

    • MD5

      d5d7393c19e1b6f39bb89dc47e0945ae

    • SHA1

      2dd3497c19e5736a191d0cb3c5854f2438ab4525

    • SHA256

      3e01f37e7a320acac8a85f4ff3d7365b6ead99b51d5920677608c5ebd5db2096

    • SHA512

      ecaf4e7d2355c3ef26abbe30365c8ea20bf21e9821942ce3dd77ef597d422bbb6507c1cc485fcb3a615213fdea75bf33a57917246cc8c8148bab793d7719db6c

    • SSDEEP

      12288:e5QdnlA3RciWnRfKZiRQHt3yxREUJooCXJPBmP7/tISG:e663RcT9KMReyxREUJoxZZo/tI

    Score
    10/10
    discoveryevasionpersistence

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks