Overview

overview

10

Static

static

3

27e7b5e63c...18.exe

windows7-x64

10

27e7b5e63c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27e7b5e63c78ab0a516f6b36823a19fe_JaffaCakes118

  • Size

    215KB

  • Sample

    241009-a2wbtsyfkb

  • MD5

    27e7b5e63c78ab0a516f6b36823a19fe

  • SHA1

    c93431751718f7e829e2509fbcf3e8e851d7cc8c

  • SHA256

    776ce61e81cdc67fd5ad1bce892a3953772f7549fea98025fceba28730e37c82

  • SHA512

    fc99870d56ed4700569bb61db077b991f426d34e15bfac75100d0e59a333973e5831596edab1a400d4cd716bb6540290c468aa94d8525be26e791bfc6b39838e

  • SSDEEP

    6144:yrus9yzI0PJpo+qpWxZ/OygXq042iLZiYVa261:yrIzI0MpWxtOyAq0mHm

Score
10/10
discoveryevasionpersistenceprivilege_escalationupx

Malware Config

Targets

    • Target

      27e7b5e63c78ab0a516f6b36823a19fe_JaffaCakes118

    • Size

      215KB

    • MD5

      27e7b5e63c78ab0a516f6b36823a19fe

    • SHA1

      c93431751718f7e829e2509fbcf3e8e851d7cc8c

    • SHA256

      776ce61e81cdc67fd5ad1bce892a3953772f7549fea98025fceba28730e37c82

    • SHA512

      fc99870d56ed4700569bb61db077b991f426d34e15bfac75100d0e59a333973e5831596edab1a400d4cd716bb6540290c468aa94d8525be26e791bfc6b39838e

    • SSDEEP

      6144:yrus9yzI0PJpo+qpWxZ/OygXq042iLZiYVa261:yrIzI0MpWxtOyAq0mHm

    Score
    10/10
    discoveryevasionpersistenceprivilege_escalationupx

    • Modifies WinLogon for persistence

      persistence

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks