General

  • Target

    f9fe0bc7d3a3e8137146e3d8a0ca42f1_JaffaCakes118

  • Size

    44KB

  • Sample

    240927-jgdqqasajm

  • MD5

    f9fe0bc7d3a3e8137146e3d8a0ca42f1

  • SHA1

    cc24cbe1a7a17649e30936e358653100e4b26204

  • SHA256

    e41c15d3a986e5876c4e4177570c6aa23ce92882495b59060ec33d5636cd058d

  • SHA512

    876f9149fa37489fae8be72bc5b5fc56d7cec277d4c2de7e5e8fd01a2e262f95b6ac83ea8a7f7aa5547b7a03755c00f1a01ba8ef507d610e77edd0e4b0b2c225

  • SSDEEP

    768:ZMIPSBzIzjU8sxCa/EWkRFb8cGATy7TBN2H+EVGyeMnbcuyD7UrLCJQB7q3N:SlBQsxCacWkvPy7CHJ9/nouy8fCJO8N

Malware Config

Targets

    • Target

      f9fe0bc7d3a3e8137146e3d8a0ca42f1_JaffaCakes118

    • Disables service(s)

    • Adds policy Run key to start application

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
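The report lists what the sandbox observed but gives no way to confirm that a locally held file is the same sample, or to re-test the "UPX packed file" signature on it. The script below is an added example written for this page, not the sandbox's own code: it checks a file's MD5/SHA1/SHA256/SHA512 against the digests published above (SSDEEP is left out because it is a fuzzy hash that needs the ssdeep library and is not an exact-match check), and it reads the PE section table directly, without pefile, to look for the usual UPX traces: `UPX0`/`UPX1` section names, the `UPX!` packer magic, and a first section with no raw data. Because the sample itself is not on the page, the `build_pe` helper constructs a minimal synthetic PE32 image for offline testing; it is not the reported file and its hashes will not match.

```python
"""Static checks a practitioner can run on a local copy of the sample: confirm it
is the file the report describes, and test the 'UPX packed file' signature
by reading the PE section table. Added example; not the sandbox's own code."""
import hashlib
import struct
import sys

# Digests published in the report's General section. ssdeep is omitted: it is a
# fuzzy hash that needs the ssdeep library and is not an exact-match check.
PAGE_HASHES = {
    "md5": "f9fe0bc7d3a3e8137146e3d8a0ca42f1",
    "sha1": "cc24cbe1a7a17649e30936e358653100e4b26204",
    "sha256": "e41c15d3a986e5876c4e4177570c6aa23ce92882495b59060ec33d5636cd058d",
    "sha512": "876f9149fa37489fae8be72bc5b5fc56d7cec277d4c2de7e5e8fd01a2e262f95"
              "b6ac83ea8a7f7aa5547b7a03755c00f1a01ba8ef507d610e77edd0e4b0b2c225",
}

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")


def hashes_of(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Names of the published digests that do NOT match the local bytes.
    An empty list means every published hash matches."""
    actual = hashes_of(data)
    return [alg for alg, digest in expected.items() if actual[alg] != digest.lower()]


def pe_sections(data: bytes) -> list:
    """Parse the section table of a PE file (PE32 or PE32+) without pefile."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr, *_ = SECTION_HDR.unpack_from(
            data, table + i * SECTION_HDR.size)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return sections


def upx_indicators(data: bytes) -> list:
    """Evidence that the file was packed with UPX or a renamed-section build."""
    sections = pe_sections(data)
    hits = []
    upx_names = [s["name"] for s in sections if s["name"].startswith("UPX")]
    if upx_names:
        hits.append("section names " + ", ".join(upx_names))
    if b"UPX!" in data:
        hits.append("'UPX!' packer header magic")
    # Stock and renamed builds alike leave the first section with no raw data:
    # it only reserves the address range the unpacked image is written into.
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] > 0:
        hits.append("first section has no raw data but a nonzero virtual size")
    return hits


def build_pe(section_names, first_raw_size, trailer=b""):
    """Construct a minimal PE32 image for offline testing (synthetic, not the sample)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)  # PE32 optional header, zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    table = b""
    for i, name in enumerate(section_names):
        raw = first_raw_size if i == 0 else 0x200
        table += SECTION_HDR.pack(name.encode().ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                                  raw, 0x400 * (i + 1), 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + table + trailer + b"\0" * 0x200


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_pe(["UPX0", "UPX1", ".rsrc"], 0, b"UPX!")
    bad = hash_mismatches(blob, PAGE_HASHES)
    print("hash mismatches:", bad or "none (this is the reported sample)")
    print("UPX indicators:", upx_indicators(blob) or "none")
```

Run it as `python triage_check.py <path-to-sample>`; with no argument it analyses the synthetic UPX-style image instead. A file that returns no hash mismatches is byte-for-byte the sample the report describes. The three UPX checks are deliberately independent: a modified UPX build may rename its sections, but the empty first section and the `UPX!` header usually survive, so any single hit is worth a closer look at the entry point.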

MITRE ATT&CK Enterprise v15

Tasks