General

  • Target

    dc92951f97de7e402ef9b92ae0fcdfc7_JaffaCakes118

  • Size

    44KB

  • Sample

    240912-th5wpssgrb

  • MD5

    dc92951f97de7e402ef9b92ae0fcdfc7

  • SHA1

    a141718b4b5930c57a93646a65d090cb3062ed58

  • SHA256

    72a09796fe2f6eed5156c3e68658b850115f2a2cc8337f3afe0ac5e5359509ac

  • SHA512

    74eda18e7015bef0d789f75f6c726bb3eff218213e17b9237db8023284f8d06ca89a4e9fc2e924905c28fdeea0fbb6a71750c956d83f88e22cba9705e9a3759b

  • SSDEEP

    384:0cva0CApzYL31jwcKyV/1yoBf1+LLP2I33smBs:HfrpsLlDV/1yet+LLL3TB

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry; this is most likely a geofence check that decides whether to run based on the victim's locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer. The hashes and SSDEEP above therefore describe the packed file; unpacking it yields a different binary with different digests, so hash-based IOCs from this report will not match the unpacked payload.

    • Modifies WinLogon

      Writes to the Winlogon registry key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon). Values there such as Shell and Userinit are executed at logon, so this is a common persistence location and should be compared against a known-good baseline on the host.

    • Drops file in System32 directory

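As an added worked example (not part of the sandbox report and not code from the analysed sample): a Python script that checks a file's digests against the hashes listed above and parses the PE section table to flag the UPX0/UPX1 section names that "UPX packed file" signatures typically key on. The header-only PE byte strings it builds are constructed for the demonstration and are not the sample; the section-name heuristic is an assumption about how such signatures commonly work, and a modified UPX build can rename its sections to evade it.

```python
import hashlib
import struct

# Indicators copied from the report above (hex digests, lowercase).
IOC_HASHES = {
    "md5": "dc92951f97de7e402ef9b92ae0fcdfc7",
    "sha1": "a141718b4b5930c57a93646a65d090cb3062ed58",
    "sha256": "72a09796fe2f6eed5156c3e68658b850115f2a2cc8337f3afe0ac5e5359509ac",
    "sha512": "74eda18e7015bef0d789f75f6c726bb3eff218213e17b9237db8023284f8d06c"
              "a89a4e9fc2e924905c28fdeea0fbb6a71750c956d83f88e22cba9705e9a3759b",
}


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def matching_iocs(data: bytes) -> list:
    """Names of the report hashes that match this file's content."""
    digests = hash_bytes(data)
    return [algo for algo, value in IOC_HASHES.items() if digests[algo] == value]


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table and return the section names.

    Layout: DOS header -> e_lfanew at 0x3C -> 'PE\\0\\0' -> 20-byte COFF
    header -> optional header (length from COFF) -> 40-byte section entries.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic (assumption): stock UPX names its sections UPX0/UPX1/UPX2.
    A modified UPX can rename them, so False does not prove the file is unpacked."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_minimal_pe(section_names, opt_size=224) -> bytes:
    """Constructed test input: a header-only PE32 with the given section
    names. It is not loadable and is not the analysed sample."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # COFF: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + sections


UPX_SAMPLE = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
PLAIN_SAMPLE = build_minimal_pe([".text", ".rdata", ".data"])


def triage(data: bytes) -> dict:
    """Summarise what a first-pass static check can say about a file."""
    return {
        "ioc_hash_matches": matching_iocs(data),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
    }


if __name__ == "__main__":
    for label, blob in (("upx", UPX_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, triage(blob))
```

Run `triage(open(path, "rb").read())` against a suspect file: a non-empty `ioc_hash_matches` is a hit on this exact sample, while `upx_packed` is only a packing hint and says nothing about the payload until the file is unpacked and re-hashed.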