9489ce23ffced58c9247089d34fc4edbe66be27afda764e74fa40ff639be4ffc | Triage

Submit
Reports

Overview

overview

Static

static

3

26c11cfa8b...18.exe

windows7-x64

26c11cfa8b...18.exe

windows10-2004-x64

Sharing

General

Target

26c11cfa8bc27f5deddcb89ed32ee3b7_JaffaCakes118
Size

22KB
Sample

240705-af81sszcqc
MD5

26c11cfa8bc27f5deddcb89ed32ee3b7
SHA1

0f85860383685f51f700bbc57ea08b00201c651c
SHA256

9489ce23ffced58c9247089d34fc4edbe66be27afda764e74fa40ff639be4ffc
SHA512

d16543b23b69db8d9efe5c62308f20f909e6ae156fd3b967cc5acd5f14aac04dc6b14c2ba5098a40b84a99b7f3517b447135ea20c9008e403ed2dcb6268f3941
SSDEEP

384:iMiNPiiiEGBXloBoymt4RmJoP1+vd+7xVbFNiM8oEAe/jh31fc+i2RE5u8N55Y:iM6iEOVo+ye4Rmnvex9FNqbT/jx1cfUD

Score

10^/10

persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

26c11cfa8bc27f5deddcb89ed32ee3b7_JaffaCakes118.exe

Resource

win7-20240508-en

persistence vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

26c11cfa8bc27f5deddcb89ed32ee3b7_JaffaCakes118.exe

Resource

win10v2004-20240704-en

persistence vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  26c11cfa8bc27f5deddcb89ed32ee3b7_JaffaCakes118
- Size
  
  22KB
- MD5
  
  26c11cfa8bc27f5deddcb89ed32ee3b7
- SHA1
  
  0f85860383685f51f700bbc57ea08b00201c651c
- SHA256
  
  9489ce23ffced58c9247089d34fc4edbe66be27afda764e74fa40ff639be4ffc
- SHA512
  
  d16543b23b69db8d9efe5c62308f20f909e6ae156fd3b967cc5acd5f14aac04dc6b14c2ba5098a40b84a99b7f3517b447135ea20c9008e403ed2dcb6268f3941
- SSDEEP
  
  384:iMiNPiiiEGBXloBoymt4RmJoP1+vd+7xVbFNiM8oEAe/jh31fc+i2RE5u8N55Y:iM6iEOVo+ye4Rmnvex9FNqbT/jx1cfUD
Score

10^/10

persistence vmprotect
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy