29a93357a457bce164b107e660605174647e279c2d0841ff9b93422eeebcecc7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f3d3fbca95c7d256452b47c5977590c8_JaffaCakes118
Size

3.1MB
Sample

240416-thwm2afh5z
MD5

f3d3fbca95c7d256452b47c5977590c8
SHA1

918e233d16ba9ca15a7738156839807d16bd99a4
SHA256

29a93357a457bce164b107e660605174647e279c2d0841ff9b93422eeebcecc7
SHA512

cf5d77a1c298d28d98024f3d7776d4b063e55b8e7ee2f9f21715bad342f7e0d5c1d44ef719d30cc6d62ec14c791e11d24ea7a41f6538a903f6d1ff9be7b2add8
SSDEEP

49152:QhPg95YC1yRr5R+jzA66ymAu1Rx48D9d5VGoemcCHa4kFhEv+09uum4uWV355FXh:0gXt1yRr8zA6POQkapFhEv+09uh

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  f3d3fbca95c7d256452b47c5977590c8_JaffaCakes118
- Size
  
  3.1MB
- MD5
  
  f3d3fbca95c7d256452b47c5977590c8
- SHA1
  
  918e233d16ba9ca15a7738156839807d16bd99a4
- SHA256
  
  29a93357a457bce164b107e660605174647e279c2d0841ff9b93422eeebcecc7
- SHA512
  
  cf5d77a1c298d28d98024f3d7776d4b063e55b8e7ee2f9f21715bad342f7e0d5c1d44ef719d30cc6d62ec14c791e11d24ea7a41f6538a903f6d1ff9be7b2add8
- SSDEEP
  
  49152:QhPg95YC1yRr5R+jzA66ymAu1Rx48D9d5VGoemcCHa4kFhEv+09uum4uWV355FXh:0gXt1yRr8zA6POQkapFhEv+09uh
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2