General

  • Target

    0dff30a21abd2a62df4643cb16090e6d_JaffaCakes118

  • Size

    155KB

  • Sample

    241003-ff255svhmn

  • MD5

    0dff30a21abd2a62df4643cb16090e6d

  • SHA1

    1c25fe66a4ba46a7464fbb994196f1c3d94bcadf

  • SHA256

    ed485516653d1f345aa98e04f6ffaeccd8e26c9977760ad81a8fa1c86314c5b9

  • SHA512

    c215da3661fe7632fac437fa4b97aa9a80b85e1378ce914ed4b3cbb85a7e132e02424cb6e9db0722de6f6a01fd33b7e00e9c9657e8f8b0e6d329b3c2dc7def64

  • SSDEEP

    3072:iPvglguoQEIdoyKWgw3XWqq1lvdSooFI3u/nd:s4uKEIdH5JnyLoWu/nd

Targets

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
