Overview

overview

8

Static

static

1

dce3530ddc...18.exe

windows7-x64

8

dce3530ddc...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dce3530ddc253f47f0195c0a4a714ee9_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240912-xyzleazfjb

  • MD5

    dce3530ddc253f47f0195c0a4a714ee9

  • SHA1

    1229b74131cace4faf089d17e001784c3a098c19

  • SHA256

    7fe76931f9ceeec821cd898b42e99ea40de945b2a89ec4a9da5cab2d5a27bd3e

  • SHA512

    57abcf093fb78bbb8127a7c9e27a2f4965eee667adc94366e49a6d409a632f34d619e686d81d1541725d64c749785d189123d729cca12b2ee09dd07aaac8284f

  • SSDEEP

    24576:4ag10mh+RRh57yHv9qYYK5ExiGFWz3zWHLBk/Z+SbtxI9TOjsUOHhtAZJcepuaPf:4jGmo3c9qoek/Z+WtGlU/F

Score
8/10
defense_evasiondiscoverypersistence

Malware Config

Targets

    • Target

      dce3530ddc253f47f0195c0a4a714ee9_JaffaCakes118

    • Size

      1.5MB

    • MD5

      dce3530ddc253f47f0195c0a4a714ee9

    • SHA1

      1229b74131cace4faf089d17e001784c3a098c19

    • SHA256

      7fe76931f9ceeec821cd898b42e99ea40de945b2a89ec4a9da5cab2d5a27bd3e

    • SHA512

      57abcf093fb78bbb8127a7c9e27a2f4965eee667adc94366e49a6d409a632f34d619e686d81d1541725d64c749785d189123d729cca12b2ee09dd07aaac8284f

    • SSDEEP

      24576:4ag10mh+RRh57yHv9qYYK5ExiGFWz3zWHLBk/Z+SbtxI9TOjsUOHhtAZJcepuaPf:4jGmo3c9qoek/Z+WtGlU/F

    Score
    8/10
    defense_evasiondiscoverypersistence

    • Server Software Component: Terminal Services DLL

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks