General

  • Target

    dd3a79cd3ee72798ce9f5e27d3848951_JaffaCakes118

  • Size

    288KB

  • Sample

    240912-3c5hes1hlf

  • MD5

    dd3a79cd3ee72798ce9f5e27d3848951

  • SHA1

    f72a5c3490365d26eb21c2df51433697b090a027

  • SHA256

    5451043a6ad85b3fd4a32dc14a65c249ced46605d87de33f7ddc30d037cb742f

  • SHA512

    d10eae687c1b5a1cff4c0db7d11f8952f95f933e13e16ab88be6e1c625f21eb7e00680ef4ba2a75190b5cc1598ca05a97b86b557668c37923b17686e83bbf6eb

  • SSDEEP

    6144:o5oAYiG0O69N6/410W+xrbHFEB1dUypEu2QFwyiyNSM:o5o5iG0OhQ18PFAdUwEqf7v
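As an added example (not part of the sandbox report or its tooling), the script below does the two static checks a practitioner runs on a retrieved sample before anything else: it re-computes the four cryptographic hashes listed above in one pass over the file and reports which ones disagree with the report, and, because the report flags the file as VMProtect-packed, it walks the PE section table looking for VMProtect's default .vmp0/.vmp1 section names and for high-entropy sections. The reported hash values are copied from the General section; the PE image built by build_minimal_pe() is a constructed stand-in for testing the parser, not the sample itself. SSDEEP is left out because it needs the ssdeep library.

```python
import hashlib
import math
import struct
import sys
from dataclasses import dataclass

# Values copied from the report's General section above.
REPORTED_HASHES = {
    "md5": "dd3a79cd3ee72798ce9f5e27d3848951",
    "sha1": "f72a5c3490365d26eb21c2df51433697b090a027",
    "sha256": "5451043a6ad85b3fd4a32dc14a65c249ced46605d87de33f7ddc30d037cb742f",
    "sha512": "d10eae687c1b5a1cff4c0db7d11f8952f95f933e13e16ab88be6e1c625f21eb7"
              "e00680ef4ba2a75190b5cc1598ca05a97b86b557668c37923b17686e83bbf6eb",
}
VMP_SECTION_PREFIX = ".vmp"   # VMProtect defaults: .vmp0/.vmp1 (renamable in its settings)
HIGH_ENTROPY = 7.0            # bits per byte; packed or encrypted data sits near 8.0


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int
    entropy: float


def digest_bytes(data: bytes, chunk: int = 1 << 16) -> dict:
    """Run all four hash functions over the data in a single chunked pass."""
    hashes = {n: hashlib.new(n) for n in REPORTED_HASHES}
    for off in range(0, len(data), chunk):
        block = data[off:off + chunk]
        for h in hashes.values():
            h.update(block)
    return {n: h.hexdigest() for n, h in hashes.items()}


def mismatched_hashes(digests: dict, reported: dict = REPORTED_HASHES) -> list:
    """Algorithms whose digest disagrees with the report; empty list means the file matches."""
    return [n for n in reported if digests.get(n) != reported[n]]


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes) -> list:
    """Walk the PE section table by hand (no third-party PE library needed)."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        raw = image[rptr:rptr + rsize]           # slicing tolerates a truncated file
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), vsize, rsize, shannon_entropy(raw)))
    return sections


def packer_indicators(sections: list) -> list:
    """Reasons to treat the file as VMProtect-packed; the section name is the stronger
    signal, since high entropy also fires on compressed resources."""
    reasons = []
    for s in sections:
        if s.name.lower().startswith(VMP_SECTION_PREFIX):
            reasons.append(f"section {s.name!r} uses a VMProtect default name")
        if s.raw_size and s.entropy >= HIGH_ENTROPY:
            reasons.append(f"section {s.name!r} has entropy {s.entropy:.2f}")
    return reasons


def build_minimal_pe(sections: list) -> bytes:
    """Constructed, non-runnable PE image holding (name, bytes) sections; test input only."""
    opt_size = 224
    raw_ptr = (64 + 4 + 20 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF  # 0x200 file alignment
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)                    # PE32 magic, rest zeroed
    hdrs, body, ptr = b"", b"", raw_ptr
    for name, data in sections:
        rsize = (len(data) + 0x1FF) & ~0x1FF
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0x1000, rsize, ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(rsize, b"\0")
        ptr += rsize
    return (bytes(dos) + b"PE\0\0" + coff + opt + hdrs).ljust(raw_ptr, b"\0") + body


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read()
    print("hash mismatches:", mismatched_hashes(digest_bytes(data)) or "none")
    for reason in packer_indicators(parse_sections(data)):
        print("packer:", reason)
```

Run it as `python triage_static.py <sample>`; an empty mismatch list confirms you are holding the same file the sandbox analysed. Note that the packer check is a heuristic: VMProtect lets the operator rename its sections, and a high-entropy section may simply be compressed resources, so treat a hit as grounds for dynamic analysis rather than as proof.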

Malware Config

Targets

    • Target

      dd3a79cd3ee72798ce9f5e27d3848951_JaffaCakes118 (288KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    • Server Software Component: Terminal Services DLL

      Modification of the Terminal Services (TermService) service DLL registration, a persistence technique (ATT&CK T1505.005) in which svchost.exe loads the attacker's DLL in place of termsrv.dll when the service starts.

    • Deletes itself

      The sample removes its own executable after running, a common dropper trait (ATT&CK T1070.004, Indicator Removal: File Deletion); recover the original from the sandbox's dropped-file store rather than from an infected host.

    • Loads dropped DLL

      A DLL written to disk during the run was subsequently loaded into a process.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port (53) to servers other than the configured DNS servers was detected. Compare the destination with the sample's network indicators: a hard-coded resolver or DNS-based command and control are the usual explanations.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer. Expect static analysis of the file on disk to be of little use; work from memory dumps taken during the run.

    • Drops file in System32 directory

      A file was written under C:\Windows\System32, which requires elevated privileges and is consistent with the Terminal Services DLL finding above.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from reporting debug events to an attached debugger (ATT&CK T1622, Debugger Evasion).
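To make the signature list above concrete, here is an added example (not the sandbox's own rule set) that re-derives each of the six behavioural signatures from a recorded process trace. TRACE is constructed for the example: its paths, the DLL name and the IP addresses are invented and do not come from the report; only the signature names match. A production implementation would also attribute events across the process tree, since samples usually delete themselves through a child cmd.exe rather than from their own process.

```python
# Added example: re-derive the report's behavioural signatures from a trace.
THREAD_HIDE_FROM_DEBUGGER = 17                        # THREADINFOCLASS 0x11
SYSTEM32 = r"c:\windows\system32" + "\\"
LEGIT_TERMSRV = r"%systemroot%\system32\termsrv.dll"  # expected TermService ServiceDll

TRACE = {  # constructed trace; paths, DLL name and addresses are invented, not from the sample
    "process": {"pid": 1234, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe"},
    "configured_dns": {"10.0.0.2"},
    "events": [
        {"type": "api", "name": "NtSetInformationThread", "args": {"ThreadInformationClass": 17}},
        {"type": "file_write", "path": r"C:\Windows\System32\constructed_example.dll"},
        {"type": "registry_write",
         "key": r"HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters",
         "value": "ServiceDll", "data": r"C:\Windows\System32\constructed_example.dll"},
        {"type": "dll_load", "path": r"C:\Windows\System32\constructed_example.dll"},
        {"type": "net", "proto": "udp", "dst": "10.0.0.2", "dport": 53},
        {"type": "net", "proto": "udp", "dst": "203.0.113.7", "dport": 53},
        {"type": "file_delete", "path": r"C:\Users\user\AppData\Local\Temp\sample.exe"},
    ],
}


def _n(path: str) -> str:
    """Windows paths and registry names are case-insensitive; compare them folded."""
    return path.casefold()


def events(trace, kind):
    return [e for e in trace["events"] if e["type"] == kind]


def terminal_services_dll(trace):
    # A non-default TermService ServiceDll makes svchost load the attacker's DLL at boot (T1505.005).
    return [e["data"] for e in events(trace, "registry_write")
            if _n(e["key"]).endswith(r"\termservice\parameters")
            and _n(e["value"]) == "servicedll" and _n(e["data"]) != LEGIT_TERMSRV]


def deletes_itself(trace):
    image = _n(trace["process"]["image"])
    return [e["path"] for e in events(trace, "file_delete") if _n(e["path"]) == image]


def loads_dropped_dll(trace):
    dropped, hits = set(), []
    for e in trace["events"]:                         # order matters: the write must precede the load
        if e["type"] == "file_write":
            dropped.add(_n(e["path"]))
        elif e["type"] == "dll_load" and _n(e["path"]) in dropped:
            hits.append(e["path"])
    return hits


def unexpected_dns_destination(trace):
    resolvers = set(trace["configured_dns"])
    return [f"{e['proto']} {e['dst']}:{e['dport']}" for e in events(trace, "net")
            if e["dport"] == 53 and e["dst"] not in resolvers]


def drops_file_in_system32(trace):
    # 32-bit processes writing here are redirected to SysWOW64; a real tracer records the final path.
    return [e["path"] for e in events(trace, "file_write") if _n(e["path"]).startswith(SYSTEM32)]


def hide_from_debugger(trace):
    return [e["name"] for e in events(trace, "api")
            if e["name"] == "NtSetInformationThread"
            and e["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER]


SIGNATURES = [
    ("Server Software Component: Terminal Services DLL", terminal_services_dll),
    ("Deletes itself", deletes_itself),
    ("Loads dropped DLL", loads_dropped_dll),
    ("Unexpected DNS network traffic destination", unexpected_dns_destination),
    ("Drops file in System32 directory", drops_file_in_system32),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", hide_from_debugger),
]


def evaluate(trace) -> dict:
    """Map each firing signature name to the evidence that triggered it."""
    result = {}
    for name, rule in SIGNATURES:
        evidence = rule(trace)
        if evidence:
            result[name] = evidence
    return result


if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(f"{name}: {', '.join(evidence)}")
```

The Terminal Services rule deliberately ignores writes that set ServiceDll back to the stock termsrv.dll path, so that Windows servicing does not trip it; the other rules are plain event matches, which is why the DNS rule needs the sandbox's configured resolvers as input rather than a fixed allow-list.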

MITRE ATT&CK Enterprise v15

Tasks