e437c7c1114e73cbb235b088f83b6fb033ee9d650b623e5b134bcf4f9e1a3fe5 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

1ba3a7064d...18.exe

windows7-x64

8

1ba3a7064d...18.exe

windows10-2004-x64

8

Sharing

General

Target

1ba3a7064de85c2df1a27eb0fe7b78d7_JaffaCakes118
Size

86KB
Sample

240701-rrygwazfjm
MD5

1ba3a7064de85c2df1a27eb0fe7b78d7
SHA1

ec831f5eed44dc521d52f0256c3f693ef65f9a43
SHA256

e437c7c1114e73cbb235b088f83b6fb033ee9d650b623e5b134bcf4f9e1a3fe5
SHA512

54e8d8a95d44a98ce51853991cf1d147716d9e7bdef6058f88c2b617da502c26240dc92653b0518f3448c89a3036ba17e06eb9ace8a514739669a9376d67bcb4
SSDEEP

1536:r42iu1SpbZ4L0LQTXVf3BFnToIf1TR0r5ZiNbWR/+p8MXCKzecrTBm:c2gUVf3BtTBf1TR0r5ZiNbWR2pRXBzeN

Score

8^/10

persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1ba3a7064de85c2df1a27eb0fe7b78d7_JaffaCakes118.exe

Resource

win7-20240508-en

persistence vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1ba3a7064de85c2df1a27eb0fe7b78d7_JaffaCakes118.exe

Resource

win10v2004-20240508-en

persistence vmprotect

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  1ba3a7064de85c2df1a27eb0fe7b78d7_JaffaCakes118
- Size
  
  86KB
- MD5
  
  1ba3a7064de85c2df1a27eb0fe7b78d7
- SHA1
  
  ec831f5eed44dc521d52f0256c3f693ef65f9a43
- SHA256
  
  e437c7c1114e73cbb235b088f83b6fb033ee9d650b623e5b134bcf4f9e1a3fe5
- SHA512
  
  54e8d8a95d44a98ce51853991cf1d147716d9e7bdef6058f88c2b617da502c26240dc92653b0518f3448c89a3036ba17e06eb9ace8a514739669a9376d67bcb4
- SSDEEP
  
  1536:r42iu1SpbZ4L0LQTXVf3BFnToIf1TR0r5ZiNbWR/+p8MXCKzecrTBm:c2gUVf3BtTBf1TR0r5ZiNbWR2pRXBzeN
Score

8^/10

persistence vmprotect
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy