df625e25c46aa46b7f95d1d9d19c62261f417039d830dbcfa1c806c7c202ddf9 | Triage

Submit
Reports

Overview

overview

Static

static

3

84683e3042...18.exe

windows7-x64

84683e3042...18.exe

windows10-2004-x64

Sharing

General

Target

84683e3042ba32496e10b41b080704c9_JaffaCakes118
Size

152KB
Sample

241101-ngtt6a1qgp
MD5

84683e3042ba32496e10b41b080704c9
SHA1

4137fa3b2418fbb69397f62fabfc16f6de755080
SHA256

df625e25c46aa46b7f95d1d9d19c62261f417039d830dbcfa1c806c7c202ddf9
SHA512

e4aba1546f7fe493817f3f33e3a29f652a7f8c52d06ac6831da960b873798ba3d2e6e4721b8b6e375f26fe2ce4cd57a51ca212a63845d7504d2a946e4db3bd07
SSDEEP

3072:oVoWnCo0fx2RNsfscJRjwjN0giT+PzbY7JjMujbaVYJ6:oVoWn30o3DaVKN0giT+LE7JYucb

Score

10^/10

collection discovery evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

84683e3042ba32496e10b41b080704c9_JaffaCakes118.exe

Resource

win7-20241010-en

discovery evasion persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

84683e3042ba32496e10b41b080704c9_JaffaCakes118.exe

Resource

win10v2004-20241007-en

collection discovery evasion persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  84683e3042ba32496e10b41b080704c9_JaffaCakes118
- Size
  
  152KB
- MD5
  
  84683e3042ba32496e10b41b080704c9
- SHA1
  
  4137fa3b2418fbb69397f62fabfc16f6de755080
- SHA256
  
  df625e25c46aa46b7f95d1d9d19c62261f417039d830dbcfa1c806c7c202ddf9
- SHA512
  
  e4aba1546f7fe493817f3f33e3a29f652a7f8c52d06ac6831da960b873798ba3d2e6e4721b8b6e375f26fe2ce4cd57a51ca212a63845d7504d2a946e4db3bd07
- SSDEEP
  
  3072:oVoWnCo0fx2RNsfscJRjwjN0giT+PzbY7JjMujbaVYJ6:oVoWn30o3DaVKN0giT+LE7JYucb
Score

10^/10

discovery evasion persistence upx collection
- Modifies firewall policy service
  evasion
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceupx

behavioral2

collectiondiscoveryevasionpersistenceupx

© 2018-2024

Terms | Privacy