General

  • Target

    fad9a80024332efb7f5609b61c00ff56_JaffaCakes118

  • Size

    174KB

  • Sample

    240927-y48xpsxfnj

  • MD5

    fad9a80024332efb7f5609b61c00ff56

  • SHA1

    31e2caada015dcbb888dd351f06474d7177437a1

  • SHA256

    e746832c45b60f90fefd8738d0d9540df167674fbf101dd9b974b966cde62457

  • SHA512

    80599d1cebe327d7cb6bab1ce88dec2b0a35310b48e1d2784cb1685eec2456602fd7a965b5194e5499345a63d237dc252013bf3b877e5079860e6874b7fb8acb

  • SSDEEP

    3072:2a6pmM3xy6bpgy4Zyv7q6RYZZeyqfEkQGUSQyYLWwA5pyAQ/NxgSiD9s8FlI6:wy62y4ZI7qoYXizQGUhfK5pVQ/M52

Malware Config

Targets

    • Event Triggered Execution: AppCert DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks