General
-
Target
9ee65f785d4480376250b8fa48b573fe_JaffaCakes118
-
Size
98KB
-
Sample
241126-a8anpsskek
-
MD5
9ee65f785d4480376250b8fa48b573fe
-
SHA1
9b6fc772d8331e9b8e5102bfe7a05a1adcf2aa94
-
SHA256
d5c57d5bbadfbbc34008a91f411e6f5b6821073b8fc5c629661ad800ddf10918
-
SHA512
6cc47b9651f2ecd2c636713f61eab7dd6bccfa6445edbdef807e7ff856c857189ca59e0065a7e03a909aa0bef8619dab7d8b596d19ef31747f2eb5a312453c5f
-
SSDEEP
3072:1bIOHjY5SsWuQckHq8Z0Zfk5JxVSOgakkm7FZ+out:tHsQckK8KC53ATn+oS
Malware Config
Targets
-
-
Target
9ee65f785d4480376250b8fa48b573fe_JaffaCakes118
-
Size
98KB
-
MD5
9ee65f785d4480376250b8fa48b573fe
-
SHA1
9b6fc772d8331e9b8e5102bfe7a05a1adcf2aa94
-
SHA256
d5c57d5bbadfbbc34008a91f411e6f5b6821073b8fc5c629661ad800ddf10918
-
SHA512
6cc47b9651f2ecd2c636713f61eab7dd6bccfa6445edbdef807e7ff856c857189ca59e0065a7e03a909aa0bef8619dab7d8b596d19ef31747f2eb5a312453c5f
-
SSDEEP
3072:1bIOHjY5SsWuQckHq8Z0Zfk5JxVSOgakkm7FZ+out:tHsQckK8KC53ATn+oS
Score8/10-
Drops file in Drivers directory
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1AppInit DLLs
1