Overview

overview

7

Static

static

7

ea8862f4a5...18.exe

windows7-x64

7

ea8862f4a5...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea8862f4a54f77f6e50bf9af31389884_JaffaCakes118

  • Size

    180KB

  • Sample

    240919-eefp3szbnh

  • MD5

    ea8862f4a54f77f6e50bf9af31389884

  • SHA1

    aee343283306bc38c1ed3c278dd9291742fd47e9

  • SHA256

    864987f8434b43faee44a2fe89f3f9de0f11cb5be9531b04704e6b12a16376d3

  • SHA512

    5342f51745aa17649f2b1d337b469b1fc0bd5528d989796eee9ef2f211494b4bc8b072f8e4c3ceeff3e5f689daf7fad98bb7f8c7264c6cdc37336da8c5ffb025

  • SSDEEP

    3072:MY+2m+skvTW5421JSXmWkJVetSavxIzluhwBwlYXqUrpmpaGjkysqNzP:Mn2HJ7AXqm7n+Sa84wulYXZUpwO

Score
7/10
discoverypersistenceupx

Malware Config

Targets

    • Target

      ea8862f4a54f77f6e50bf9af31389884_JaffaCakes118

    • Size

      180KB

    • MD5

      ea8862f4a54f77f6e50bf9af31389884

    • SHA1

      aee343283306bc38c1ed3c278dd9291742fd47e9

    • SHA256

      864987f8434b43faee44a2fe89f3f9de0f11cb5be9531b04704e6b12a16376d3

    • SHA512

      5342f51745aa17649f2b1d337b469b1fc0bd5528d989796eee9ef2f211494b4bc8b072f8e4c3ceeff3e5f689daf7fad98bb7f8c7264c6cdc37336da8c5ffb025

    • SSDEEP

      3072:MY+2m+skvTW5421JSXmWkJVetSavxIzluhwBwlYXqUrpmpaGjkysqNzP:Mn2HJ7AXqm7n+Sa84wulYXZUpwO

    Score
    7/10
    discoverypersistenceupx

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks