474f13805ec346c7514fb92dc35ab449848da6a3f1152ef6104ffc8f46c6c364 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

19c9ebb9f0...18.dll

windows7-x64

8

19c9ebb9f0...18.dll

windows10-2004-x64

8

Sharing

General

Target

19c9ebb9f0f15b7a84db4101836656f0_JaffaCakes118
Size

60KB
Sample

240628-mh2eysvarf
MD5

19c9ebb9f0f15b7a84db4101836656f0
SHA1

46c5854345e6ecefd5b3ff5825bb785007e76782
SHA256

474f13805ec346c7514fb92dc35ab449848da6a3f1152ef6104ffc8f46c6c364
SHA512

650f6a3be208f85395faaab34533d209cb7f8cdd6dd5dffbbfbfdaf6d0a370022dc4f1d6aa37089e1675fbb97bffb28d5f10f1b79ea68207baa0635950398c1f
SSDEEP

1536:3JiYU3BtpCdtWMrd4IJfzc5TOtnVxhxMU:3Jil3BHCdtWxSLMTOtVxgU

Score

8^/10

persistence privilege_escalation vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

19c9ebb9f0f15b7a84db4101836656f0_JaffaCakes118.dll

Resource

win7-20240611-en

persistence privilege_escalation vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

19c9ebb9f0f15b7a84db4101836656f0_JaffaCakes118.dll

Resource

win10v2004-20240611-en

persistence privilege_escalation vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  19c9ebb9f0f15b7a84db4101836656f0_JaffaCakes118
- Size
  
  60KB
- MD5
  
  19c9ebb9f0f15b7a84db4101836656f0
- SHA1
  
  46c5854345e6ecefd5b3ff5825bb785007e76782
- SHA256
  
  474f13805ec346c7514fb92dc35ab449848da6a3f1152ef6104ffc8f46c6c364
- SHA512
  
  650f6a3be208f85395faaab34533d209cb7f8cdd6dd5dffbbfbfdaf6d0a370022dc4f1d6aa37089e1675fbb97bffb28d5f10f1b79ea68207baa0635950398c1f
- SSDEEP
  
  1536:3JiYU3BtpCdtWMrd4IJfzc5TOtnVxhxMU:3Jil3BHCdtWxSLMTOtVxgU
Score

8^/10

persistence privilege_escalation vmprotect
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistenceprivilege_escalationvmprotect

behavioral2

persistenceprivilege_escalationvmprotect

© 2018-2024

Terms | Privacy