61df05dd626c13132127e551aa1a74f200cbb4ae624cf38718555b3b334cd792 | Triage

Sharing

General

Target

e04366791dce250af0660d2c439c6f4d_JaffaCakes118
Size

143KB
Sample

240914-qkhx6swdqh
MD5

e04366791dce250af0660d2c439c6f4d
SHA1

3a7fde192772c5227ccd586b59bb6eb86daa4ba7
SHA256

61df05dd626c13132127e551aa1a74f200cbb4ae624cf38718555b3b334cd792
SHA512

6fce074fae2403508d803e20b99e7ca522364100169cb10c4d585d2eefdc698bbc3e7d65097dadb61917fc5a3afdf3562f640148ccedece15fb7d5491e1dbd1c
SSDEEP

3072:ogMZnhu2dy9GCJrc4thLCD56ouL6rqh17aBtgZWeJ/b9LM9EXDLPL:ophuyCqUCDM17GSZTlMUL

Score

8^/10

defense_evasion discovery persistence privilege_escalation vmprotect

Malware Config

Targets

- Target
  
  e04366791dce250af0660d2c439c6f4d_JaffaCakes118
- Size
  
  143KB
- MD5
  
  e04366791dce250af0660d2c439c6f4d
- SHA1
  
  3a7fde192772c5227ccd586b59bb6eb86daa4ba7
- SHA256
  
  61df05dd626c13132127e551aa1a74f200cbb4ae624cf38718555b3b334cd792
- SHA512
  
  6fce074fae2403508d803e20b99e7ca522364100169cb10c4d585d2eefdc698bbc3e7d65097dadb61917fc5a3afdf3562f640148ccedece15fb7d5491e1dbd1c
- SSDEEP
  
  3072:ogMZnhu2dy9GCJrc4thLCD56ouL6rqh17aBtgZWeJ/b9LM9EXDLPL:ophuyCqUCDM17GSZTlMUL
Score

8^/10

defense_evasion discovery persistence privilege_escalation vmprotect
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Deletes itself
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

AppInit DLLs

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalationvmprotect

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalationvmprotect