7caba21d4e70a84cf6a51b21a9ce42d88275d2e38a0fa7e49df57f64eec6b312 | Triage

Submit
Reports

Overview

overview

Static

static

5

2eab8e8352...18.exe

windows7-x64

2eab8e8352...18.exe

windows10-2004-x64

Sharing

General

Target

2eab8e83524c6b046741ce0c1dce2dd8_JaffaCakes118
Size

360KB
Sample

241009-lewjvstgkl
MD5

2eab8e83524c6b046741ce0c1dce2dd8
SHA1

34b8012c883e6f6179670ca6a8dceaf2084ed4f5
SHA256

7caba21d4e70a84cf6a51b21a9ce42d88275d2e38a0fa7e49df57f64eec6b312
SHA512

88c56f0d7d7a8baf5783f5a35b1859cb977e629ec00d273b290f23da70b8935a87798c9285da33f1f1d3f7f88cb734aa5e957f0ce91b8fed42f36a3fd9fb2cd5
SSDEEP

6144:tYZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0ew+/UO85IczI:tSNC80I+cR3R03VseuO85

Score

10^/10

discovery evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2eab8e83524c6b046741ce0c1dce2dd8_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2eab8e83524c6b046741ce0c1dce2dd8_JaffaCakes118.exe

Resource

win10v2004-20241007-en

discovery evasion persistence upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  2eab8e83524c6b046741ce0c1dce2dd8_JaffaCakes118
- Size
  
  360KB
- MD5
  
  2eab8e83524c6b046741ce0c1dce2dd8
- SHA1
  
  34b8012c883e6f6179670ca6a8dceaf2084ed4f5
- SHA256
  
  7caba21d4e70a84cf6a51b21a9ce42d88275d2e38a0fa7e49df57f64eec6b312
- SHA512
  
  88c56f0d7d7a8baf5783f5a35b1859cb977e629ec00d273b290f23da70b8935a87798c9285da33f1f1d3f7f88cb734aa5e957f0ce91b8fed42f36a3fd9fb2cd5
- SSDEEP
  
  6144:tYZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0ew+/UO85IczI:tSNC80I+cR3R03VseuO85
Score

10^/10

discovery evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceupx

behavioral2

discoveryevasionpersistenceupx

© 2018-2024

Terms | Privacy