5a8b3f05226ed3a41e7f6ef5a30d9ac366576e738fcf56dffa46ed7ce997459d | Triage

Submit
Reports

Overview

overview

8

Static

static

7

fc29a4b05c...18.dll

windows7-x64

8

fc29a4b05c...18.dll

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

fc29a4b05ca5da1a1401834c987d2a67_JaffaCakes118
Size

350KB
Sample

240928-m49nfssclp
MD5

fc29a4b05ca5da1a1401834c987d2a67
SHA1

e89669dc136c4ea623afde574df96d2e747ec89c
SHA256

5a8b3f05226ed3a41e7f6ef5a30d9ac366576e738fcf56dffa46ed7ce997459d
SHA512

85fc19cb5a4ad71e0d44ff567bbcd24fba5c9ca9745d2f5980dc96a14c535e738b42fb1933cef08b005f84d0f3f450a3ee1c5528703f626d750aa07c03f71ac6
SSDEEP

6144:e7FBNxY+X0G/fu7/9natGfFzup5iWQxVaLKLhKUtxeKq+8pCE6NiW8d0FaIyDEHu:0FBbj0yfu7bfFqpIpV9l1/eKr8ciOQJl

Score

8^/10

defense_evasion discovery persistence vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fc29a4b05ca5da1a1401834c987d2a67_JaffaCakes118.dll

Resource

win7-20240903-en

defense_evasion discovery persistence vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc29a4b05ca5da1a1401834c987d2a67_JaffaCakes118.dll

Resource

win10v2004-20240802-en

defense_evasion discovery persistence vmprotect

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc29a4b05ca5da1a1401834c987d2a67_JaffaCakes118
- Size
  
  350KB
- MD5
  
  fc29a4b05ca5da1a1401834c987d2a67
- SHA1
  
  e89669dc136c4ea623afde574df96d2e747ec89c
- SHA256
  
  5a8b3f05226ed3a41e7f6ef5a30d9ac366576e738fcf56dffa46ed7ce997459d
- SHA512
  
  85fc19cb5a4ad71e0d44ff567bbcd24fba5c9ca9745d2f5980dc96a14c535e738b42fb1933cef08b005f84d0f3f450a3ee1c5528703f626d750aa07c03f71ac6
- SSDEEP
  
  6144:e7FBNxY+X0G/fu7/9natGfFzup5iWQxVaLKLhKUtxeKq+8pCE6NiW8d0FaIyDEHu:0FBbj0yfu7bfFqpIpV9l1/eKr8ciOQJl
Score

8^/10

defense_evasion discovery persistence vmprotect
- Server Software Component: Terminal Services DLL
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistencevmprotect

behavioral2

defense_evasiondiscoverypersistencevmprotect

© 2018-2025

Terms | Privacy