General

  • Target

    e1c65ad9920d21007e78e11c4dd61524_JaffaCakes118

  • Size

    12KB

  • Sample

    240915-fzs2ksxdjc

  • MD5

    e1c65ad9920d21007e78e11c4dd61524

  • SHA1

    2f9f64168b6751a85e64a8ec053a9e2d7b9145fc

  • SHA256

    7198f97a60f9cb5495f189594a2d9ab684f78988262bb3e452269c2c25d5f947

  • SHA512

    6ccad0b25f0ef70109b2c102eaa325e0a7edcae0f3467e13810b2977b76c325ee73742bc2b602294acec29488258ba148118c592989ed5e92895d1c816da4a41

  • SSDEEP

    192:fhK1pyzlQHGl/GV4c9ZI9Zbl6TH1FRpPtRRaP0rqjWGosSbyA6Ybc9S1wvwEcK:fsqzlXV2hYd65Z8PSqLDR8kSyF

Targets

    • Target

      e1c65ad9920d21007e78e11c4dd61524_JaffaCakes118

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
