General

  • Target

    ddd66b379240972a439ea5f19eab0370_JaffaCakes118

  • Size

    216KB

  • Sample

    240913-gz25xsyclm

  • MD5

    ddd66b379240972a439ea5f19eab0370

  • SHA1

    f75e711a52b16654ad1f77d4c027ec179a38322b

  • SHA256

    0170698a09d4cf721f7794033d9d52a86755e7b9a8a856bc0e3a697d7dc44ccc

  • SHA512

    35a12765cecc27bc620ea77343de74e6b6f0fbb8ef0caa8e3a347213d39ea7b126c3ddfe1289d5e4d56ed19fe8fd32c73e4aafedd81c9e85ade2a663eaad047b

  • SSDEEP

    3072:AyFFWZJYbwkOqYZvC0CwrI9FQY9SFwg1ivRP7nxqzndO60t7mddDG8CaOGfDI:AWPbZZuvsEI9L9Ng1ivRCndk0ddDzQ

Score
7/10

Targets

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
