ac2afda9e5df38f43680fc64b6718167593d940d9c1986037d128b459f42c327 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

1a35caea33...18.dll

windows7-x64

8

1a35caea33...18.dll

windows10-2004-x64

8

Sharing

General

Target

1a35caea333db3be203aa25000987fb4_JaffaCakes118
Size

60KB
Sample

240628-p756jstdmn
MD5

1a35caea333db3be203aa25000987fb4
SHA1

78e9e37bdd53fca3e22adf6d4c5824f8d25fa183
SHA256

ac2afda9e5df38f43680fc64b6718167593d940d9c1986037d128b459f42c327
SHA512

eef8a1f6ee8838aa2cd87f91df2bfca6e6033ec95a8328de9c6578ff2326ab5381c7de597d9874664688e1a83a9dbf31d14b99135b70d479155afffb98abab75
SSDEEP

1536:iJiYU3BupCdtWMrd4IJfzc5TOtnVxhxMU:iJil3BaCdtWxSLMTOtVxgU

Score

8^/10

persistence privilege_escalation vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1a35caea333db3be203aa25000987fb4_JaffaCakes118.dll

Resource

win7-20240508-en

persistence privilege_escalation vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a35caea333db3be203aa25000987fb4_JaffaCakes118.dll

Resource

win10v2004-20240611-en

persistence privilege_escalation vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a35caea333db3be203aa25000987fb4_JaffaCakes118
- Size
  
  60KB
- MD5
  
  1a35caea333db3be203aa25000987fb4
- SHA1
  
  78e9e37bdd53fca3e22adf6d4c5824f8d25fa183
- SHA256
  
  ac2afda9e5df38f43680fc64b6718167593d940d9c1986037d128b459f42c327
- SHA512
  
  eef8a1f6ee8838aa2cd87f91df2bfca6e6033ec95a8328de9c6578ff2326ab5381c7de597d9874664688e1a83a9dbf31d14b99135b70d479155afffb98abab75
- SSDEEP
  
  1536:iJiYU3BupCdtWMrd4IJfzc5TOtnVxhxMU:iJil3BaCdtWxSLMTOtVxgU
Score

8^/10

persistence privilege_escalation vmprotect
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistenceprivilege_escalationvmprotect

behavioral2

persistenceprivilege_escalationvmprotect

© 2018-2024

Terms | Privacy