General

  • Target

    2ec9507006f1c433f0b8018686b57e25_JaffaCakes118

  • Size

    75KB

  • Sample

    241009-lks1xsyhlf

  • MD5

    2ec9507006f1c433f0b8018686b57e25

  • SHA1

    1b7cea890dad634302fa592a006aaf7e131f3644

  • SHA256

    d19d9b6cedd25060ff43c67aa1cf5119aa211238d12aea0a44497bbb3365cbb2

  • SHA512

    90a2f2f2a4394f40ad13d123b2ddad8ee04e7af8bfd01557a2466f296609a47ab778257354e43677fdcd0b52266d47335c103aafae026ad6abb58227f53e1fbc

  • SSDEEP

    1536:F2DxbD3Ww+3E92Ay4GBcddhJGqlqq6TaYqN2jGXwc8qoxyTwxJY:oDxu3kRyBgh6q8HqbXwc8qb8x

Targets

    • Target

      2ec9507006f1c433f0b8018686b57e25_JaffaCakes118

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. DLLs listed in the AppInit_DLLs registry value are loaded by user32.dll into every process that loads user32.dll, so a single registry write gives code execution in most interactive processes; on Windows 8 and later with Secure Boot enabled the mechanism is disabled, and RequireSignedAppInit_DLLs restricts it to signed DLLs.

    • Checks computer location settings

      Reads the country/region (GeoID) configured in the registry, most likely to geofence execution, i.e. to run only in, or to avoid, particular regions.

    • Loads dropped DLL

    • Drops file in System32 directory
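
The signatures above (AppInit_DLLs persistence, a dropped DLL, a file written to System32, and a registry lookup of the country setting) point at the host-side checks an analyst would run after seeing this report. The following PowerShell is an added example, not part of the sandbox report or its tooling: it reads the AppInit_DLLs configuration from both the native and WOW6432Node hives, resolves each listed DLL, reports its Authenticode status, timestamps and SHA-256 (compared against the SHA-256 from this report), and prints the current user's GeoID, which is the value a geofencing sample typically reads. The registry paths are the documented Windows locations; the report hash constant and the function names are this example's own.

```powershell
# Added example (not from the sandbox report): audit AppInit_DLLs persistence
# and the locale key a geofencing sample reads. Run elevated on the host under
# investigation; for an offline image, 'reg load' the hives and adjust the paths.

# SHA-256 of the sample from this report, used to flag an exact match on disk.
$ReportSha256 = 'd19d9b6cedd25060ff43c67aa1cf5119aa211238d12aea0a44497bbb3365cbb2'

# Native (64-bit) and WOW64 views of the AppInit_DLLs configuration.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitState {
    foreach ($key in $AppInitKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $p = Get-ItemProperty -Path $key
        [pscustomobject]@{
            Key                       = $key
            LoadAppInit_DLLs          = $p.LoadAppInit_DLLs           # 1 = loader honours AppInit_DLLs
            RequireSignedAppInit_DLLs = $p.RequireSignedAppInit_DLLs  # 1 = only signed DLLs are loaded
            AppInit_DLLs              = $p.AppInit_DLLs               # space/comma separated DLL list
        }
    }
}

function Get-AppInitDllDetails {
    # Resolve every listed DLL and report signature state, timestamps and hash,
    # so a freshly dropped, unsigned DLL in System32 stands out immediately.
    foreach ($state in Get-AppInitState) {
        if ([string]::IsNullOrWhiteSpace($state.AppInit_DLLs)) { continue }
        foreach ($entry in ($state.AppInit_DLLs -split '[ ,;]+' | Where-Object { $_ })) {
            $path = [Environment]::ExpandEnvironmentVariables($entry)
            if (-not [IO.Path]::IsPathRooted($path)) {
                # Bare names go through the normal DLL search order; System32 is
                # where this sample drops files, so resolve there first.
                $path = Join-Path $env:SystemRoot "System32\$entry"
            }
            $exists = Test-Path -LiteralPath $path
            $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
            $item   = if ($exists) { Get-Item -LiteralPath $path } else { $null }
            $hash   = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower() } else { $null }
            [pscustomobject]@{
                Hive          = $state.Key
                Dll           = $entry
                Resolved      = $path
                Exists        = $exists
                Signature     = if ($sig) { $sig.Status } else { 'n/a' }
                Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
                CreatedUtc    = if ($item) { $item.CreationTimeUtc } else { $null }
                ModifiedUtc   = if ($item) { $item.LastWriteTimeUtc } else { $null }
                SHA256        = $hash
                MatchesReport = ($hash -eq $ReportSha256)
            }
        }
    }
}

function Get-GeoNation {
    # GeoID the sample would read for its geofence check. HKCU is per-user, so
    # repeat for other profiles by loading their NTUSER.DAT under HKU.
    $key = 'HKCU:\Control Panel\International\Geo'
    if (Test-Path -Path $key) { (Get-ItemProperty -Path $key).Nation }
}

Get-AppInitState      | Format-List
Get-AppInitDllDetails | Format-Table -AutoSize
"GeoID (Nation) for the current user: $(Get-GeoNation)"
```

A populated AppInit_DLLs value with LoadAppInit_DLLs set to 1 and RequireSignedAppInit_DLLs absent or 0 is the configuration this technique needs; an entry whose Signature is NotSigned, whose CreatedUtc is close to the suspected infection time, or whose MatchesReport is true should be treated as the dropped payload and collected before remediation.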

MITRE ATT&CK Enterprise v15
