General

  • Target

    3d6ee785ad166175fc56572101dc2cad_JaffaCakes118

  • Size

    229KB

  • Sample

    241013-dhxmbszfln

  • MD5

    3d6ee785ad166175fc56572101dc2cad

  • SHA1

    a8b7a20da2b800b039bf993f4ec2a79bdce54463

  • SHA256

    e68fd6364a5ee62ff7ac15f93bf17de8c105a5375fde32e9eb1fd827cd2e2d1c

  • SHA512

    f73d21266ac8805ca4b1aa6c881f39c2e28af3e337eb68a0237889c3738ecc17c88cf039adf5eb66091e2fa1fcf174b3664abc8210903c9530f32865d53ed660

  • SSDEEP

    6144:TjLOjTZIVuJCRZBkDJjoLfF0PRKym7GVYud6Q2:/LO+MJCspKymquuS

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks