cbe3a182ca2a7026a23063d4a684ac1bcb9b9a286cb69fcc27d668e2b55ac5f4 | Triage

Sharing

General

Target

ccbbb80d91a6298268ef13f6963dfc52_JaffaCakes118
Size

15.9MB
Sample

240405-gp1t4sde9x
MD5

ccbbb80d91a6298268ef13f6963dfc52
SHA1

c0ebd4e15e00943cf783d17dfb898127be9cec35
SHA256

cbe3a182ca2a7026a23063d4a684ac1bcb9b9a286cb69fcc27d668e2b55ac5f4
SHA512

b6ae6196f20d0ade65123fe7516ac92b1e7ee0f1da9120622638191ada2df1a5e52bd2343c224f4d6e256d7a63da29a2ded0d3de5d32178fd139b33c4e61a0da
SSDEEP

393216:Rg7urg7urg7urg7urg7urg7urg7urg7uN:iScScScScScScScSN

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ccbbb80d91a6298268ef13f6963dfc52_JaffaCakes118
- Size
  
  15.9MB
- MD5
  
  ccbbb80d91a6298268ef13f6963dfc52
- SHA1
  
  c0ebd4e15e00943cf783d17dfb898127be9cec35
- SHA256
  
  cbe3a182ca2a7026a23063d4a684ac1bcb9b9a286cb69fcc27d668e2b55ac5f4
- SHA512
  
  b6ae6196f20d0ade65123fe7516ac92b1e7ee0f1da9120622638191ada2df1a5e52bd2343c224f4d6e256d7a63da29a2ded0d3de5d32178fd139b33c4e61a0da
- SSDEEP
  
  393216:Rg7urg7urg7urg7urg7urg7urg7urg7uN:iScScScScScScScSN
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2