General

  • Target

    ea7d7ea7a6c0720cb25fdc5d66f6faa8_JaffaCakes118

  • Size

    13KB

  • Sample

    240919-dwrm8sydnp

  • MD5

    ea7d7ea7a6c0720cb25fdc5d66f6faa8

  • SHA1

    c20aa964aafeb56dc40d9bc8572b432f10ac1b08

  • SHA256

    43e633ac956f1567ad4f8335103c2ccb227860de97a76f7b15207b3298340f8a

  • SHA512

    12f1dbaa2cfe86536f6f669035fbb96cf3b1115899ba55c244e797a207593d54144e06339d309b61397582f35b42712093f65c572c32acfb360bda20bf181c9d

  • SSDEEP

    384:WFErXuuNxy1LhMPOZQHn+LewiGit30V0FR+:WFEjyJh+OmPnGiU0

Malware Config

Targets

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks