Overview

overview

8

Static

static

3

fff6b172d8...18.exe

windows7-x64

8

fff6b172d8...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fff6b172d80154c93ecb61a00f17c26b_JaffaCakes118

  • Size

    148KB

  • Sample

    240930-e3g8tayamj

  • MD5

    fff6b172d80154c93ecb61a00f17c26b

  • SHA1

    37cbaf9dfb6b5e1da9aa86f7687b3c51d31f2442

  • SHA256

    cdcb4acee9f2fdc2468c56f7786bfa642a3fe122ba0ce812d94a7defa353bf1d

  • SHA512

    97d97c8d4be103c74bd5837cd7e6cd130ee1d1af0ae2d31f51b95c4a8200cecc328e1c2335e750db516b11af9f425e00f356cef767eef92ee7283716c114a4b0

  • SSDEEP

    3072:SLjeGZhA5qdE3rVtbYDA4R5M1EX/+MSkBXKl6IF8rIEtrwMMKj+ktcepV1J:S/FZhZE3rTM0qGMpwl6x1j+ktcE

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      fff6b172d80154c93ecb61a00f17c26b_JaffaCakes118

    • Size

      148KB

    • MD5

      fff6b172d80154c93ecb61a00f17c26b

    • SHA1

      37cbaf9dfb6b5e1da9aa86f7687b3c51d31f2442

    • SHA256

      cdcb4acee9f2fdc2468c56f7786bfa642a3fe122ba0ce812d94a7defa353bf1d

    • SHA512

      97d97c8d4be103c74bd5837cd7e6cd130ee1d1af0ae2d31f51b95c4a8200cecc328e1c2335e750db516b11af9f425e00f356cef767eef92ee7283716c114a4b0

    • SSDEEP

      3072:SLjeGZhA5qdE3rVtbYDA4R5M1EX/+MSkBXKl6IF8rIEtrwMMKj+ktcepV1J:S/FZhZE3rTM0qGMpwl6x1j+ktcE

    Score
    8/10
    discoverypersistenceprivilege_escalation

    • Event Triggered Execution: AppCert DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.

      persistenceprivilege_escalation

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks