Overview

overview

7

Static

static

7

19a5ff0807...18.exe

windows7-x64

7

19a5ff0807...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19a5ff0807e730ef9a9f8b22722da90d_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240628-lkxn4svglk

  • MD5

    19a5ff0807e730ef9a9f8b22722da90d

  • SHA1

    2a75fa103a69984503b577fc26ecf3b81aca1629

  • SHA256

    cae3362449069b70eb6f1e00b340f5f2625bf4f101ffdbdd6fc985f630749331

  • SHA512

    8f92939d71c01dfefd32e924b2e643f5f765cd5f12e4e392fad852331e5f172b560c38e6b90093997888cf87d91a050045e7ebcd7cd5082816e905af8569ac76

  • SSDEEP

    98304:1Ej6zFikY/0V/lnowD+MBhZ/tfzimhLhQEN:gEFs/8JL+MBHnh

Score
7/10
vmprotect

Malware Config

Targets

    • Target

      19a5ff0807e730ef9a9f8b22722da90d_JaffaCakes118

    • Size

      3.6MB

    • MD5

      19a5ff0807e730ef9a9f8b22722da90d

    • SHA1

      2a75fa103a69984503b577fc26ecf3b81aca1629

    • SHA256

      cae3362449069b70eb6f1e00b340f5f2625bf4f101ffdbdd6fc985f630749331

    • SHA512

      8f92939d71c01dfefd32e924b2e643f5f765cd5f12e4e392fad852331e5f172b560c38e6b90093997888cf87d91a050045e7ebcd7cd5082816e905af8569ac76

    • SSDEEP

      98304:1Ej6zFikY/0V/lnowD+MBhZ/tfzimhLhQEN:gEFs/8JL+MBHnh

    Score
    7/10
    vmprotect

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks