1e26f05d3c3ffe7152ced679bac4d6583d86f525dc8b4c2f58683dd5f65368fa | Triage

Submit
Reports

Overview

overview

Static

static

3

9efad46c3e...18.exe

windows7-x64

9efad46c3e...18.exe

windows10-2004-x64

Sharing

General

Target

9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118
Size

256KB
Sample

241126-bh5a3awlfv
MD5

9efad46c3e0b1db3fa7ed20c2a1e1363
SHA1

ba6c77e60584b33746fbdf99e8a2899f5ba1f28f
SHA256

1e26f05d3c3ffe7152ced679bac4d6583d86f525dc8b4c2f58683dd5f65368fa
SHA512

273bbd9d989254cecf9c010475cf8ad260f1ee358c23c8df61e7f3b3947a824c4172471e165a71441ad0edff1961d54247e67918118cd4c99a10029a690e5106
SSDEEP

6144:8+yFV0bgy2rM/kvt15RHxhZFtfaPNSfo/qPoPp:Ky2Q8V15VLccQ/qPox

Score

10^/10

discovery evasion persistence upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion persistence upx vmprotect

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe

Resource

win10v2004-20241007-en

discovery evasion persistence upx vmprotect

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118
- Size
  
  256KB
- MD5
  
  9efad46c3e0b1db3fa7ed20c2a1e1363
- SHA1
  
  ba6c77e60584b33746fbdf99e8a2899f5ba1f28f
- SHA256
  
  1e26f05d3c3ffe7152ced679bac4d6583d86f525dc8b4c2f58683dd5f65368fa
- SHA512
  
  273bbd9d989254cecf9c010475cf8ad260f1ee358c23c8df61e7f3b3947a824c4172471e165a71441ad0edff1961d54247e67918118cd4c99a10029a690e5106
- SSDEEP
  
  6144:8+yFV0bgy2rM/kvt15RHxhZFtfaPNSfo/qPoPp:Ky2Q8V15VLccQ/qPox
Score

10^/10

discovery evasion persistence upx vmprotect
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceupxvmprotect

behavioral2

discoveryevasionpersistenceupxvmprotect

© 2018-2024

Terms | Privacy