Overview

overview

10

Static

static

3

ed106b8c0a...18.exe

windows7-x64

10

ed106b8c0a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed106b8c0a34affd74f3886b74bc3477_JaffaCakes118

  • Size

    174KB

  • Sample

    240920-hselqatfmf

  • MD5

    ed106b8c0a34affd74f3886b74bc3477

  • SHA1

    a14e4ccb445b5f76d72f4ca5d548da3379659cf5

  • SHA256

    a65ec97b8e4d437515ea35fc5f4028cd7be93013b28e7ba0012c6479cbac2209

  • SHA512

    de8e68084a5dbd12efe268fc7b7c85e9b82eadc2a291d570734773e882131c7b06d8033fa644d8e5e182fd34e3c09329842ff9205bdc8645250fc99109750c41

  • SSDEEP

    3072:K7JCniMqJEuhrrHCf+MTNfJKNYuGxBnVEHYlf4FlYMT/f1z3PS4Rh3Z:IJi5qJEuh3iftTNfJexGxBVxlf4FlYsV

Score
10/10
discoveryevasionpersistenceupx

Malware Config

Targets

    • Target

      ed106b8c0a34affd74f3886b74bc3477_JaffaCakes118

    • Size

      174KB

    • MD5

      ed106b8c0a34affd74f3886b74bc3477

    • SHA1

      a14e4ccb445b5f76d72f4ca5d548da3379659cf5

    • SHA256

      a65ec97b8e4d437515ea35fc5f4028cd7be93013b28e7ba0012c6479cbac2209

    • SHA512

      de8e68084a5dbd12efe268fc7b7c85e9b82eadc2a291d570734773e882131c7b06d8033fa644d8e5e182fd34e3c09329842ff9205bdc8645250fc99109750c41

    • SSDEEP

      3072:K7JCniMqJEuhrrHCf+MTNfJKNYuGxBnVEHYlf4FlYMT/f1z3PS4Rh3Z:IJi5qJEuh3iftTNfJexGxBVxlf4FlYsV

    Score
    10/10
    discoveryevasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks