General

  • Target

    0af97e80abed0a1b668ceef5c0f53f9c_JaffaCakes118

  • Size

    160KB

  • Sample

    241002-q48ypsyhnk

  • MD5

    0af97e80abed0a1b668ceef5c0f53f9c

  • SHA1

    34b6698cfde5564d5f59f771c42d8afb22824d3d

  • SHA256

    fa916958261980664f6428f7680688b5396056033ebccbe155938cb3d473ab73

  • SHA512

    da3c8138760a8c46a14a57c7db28403560fb3d527a6b5208532d999c5f4eae97ef7995b260bed8b62efbfc89090302f6e21954c4d91be461f8b22f384f56c6de

  • SSDEEP

    3072:/XcK0R/0b+YOUCh6+QsuNM9baxRJyEv65bAWt3bKG3Ttc48DX0avM78NhPbp:EKs/0b/OZU0YoF5MWt3ek/8PPN

Targets

    • Target

      0af97e80abed0a1b668ceef5c0f53f9c_JaffaCakes118

    • Deletes itself

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15