8324e15c5e7d70eb9ea63a31ef95c241784dd314927fd5bafad0cbc726f0ba58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1894e0de246deb45f6e380e0331a13dd_JaffaCakes118
Size

8.9MB
Sample

240329-e9efhahh7s
MD5

1894e0de246deb45f6e380e0331a13dd
SHA1

4b1c9a6ff7e867ddbe6f096317a42b3a57a0d9c5
SHA256

8324e15c5e7d70eb9ea63a31ef95c241784dd314927fd5bafad0cbc726f0ba58
SHA512

3aad3e0b93e1bb966c87ab50233f607eb785cc946496d1a502879202a720e626942ff8a198ed526a2e9bff9b296b1c64453e518efca8d9f61bf38dd6b777cdb8
SSDEEP

196608:8fazg7DSmfazg7DSmSfazg7DSmfazg7DSmh:Tg7uVg7uwg7uVg7uy

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  1894e0de246deb45f6e380e0331a13dd_JaffaCakes118
- Size
  
  8.9MB
- MD5
  
  1894e0de246deb45f6e380e0331a13dd
- SHA1
  
  4b1c9a6ff7e867ddbe6f096317a42b3a57a0d9c5
- SHA256
  
  8324e15c5e7d70eb9ea63a31ef95c241784dd314927fd5bafad0cbc726f0ba58
- SHA512
  
  3aad3e0b93e1bb966c87ab50233f607eb785cc946496d1a502879202a720e626942ff8a198ed526a2e9bff9b296b1c64453e518efca8d9f61bf38dd6b777cdb8
- SSDEEP
  
  196608:8fazg7DSmfazg7DSmSfazg7DSmfazg7DSmh:Tg7uVg7uwg7uVg7uy
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2