35997b0ec989bba17930c4dff82d72ea682b295e98d02a0b184b6ff5134fbfc3 | Triage

Sharing

General

Target

f55d64dd790d022e19dede72d4fbb26d_JaffaCakes118
Size

17KB
Sample

240417-j94gvahg37
MD5

f55d64dd790d022e19dede72d4fbb26d
SHA1

0b5e6f69f8c8aa8493e0a24377b9dd7d8776228f
SHA256

35997b0ec989bba17930c4dff82d72ea682b295e98d02a0b184b6ff5134fbfc3
SHA512

512df0b36384bc41b3a572e6f14ec77b11e6247c6ca19dbf7ed13a7de0a7b06d763cc4b125f6167245bff818bc739a997eced1a68f059c5d680421c045ba0d0e
SSDEEP

384:hFtn26UMcmZO2Zp+Nye8pqrmub8TyztsDN:hPBUMoKK8o8TyJc

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f55d64dd790d022e19dede72d4fbb26d_JaffaCakes118
- Size
  
  17KB
- MD5
  
  f55d64dd790d022e19dede72d4fbb26d
- SHA1
  
  0b5e6f69f8c8aa8493e0a24377b9dd7d8776228f
- SHA256
  
  35997b0ec989bba17930c4dff82d72ea682b295e98d02a0b184b6ff5134fbfc3
- SHA512
  
  512df0b36384bc41b3a572e6f14ec77b11e6247c6ca19dbf7ed13a7de0a7b06d763cc4b125f6167245bff818bc739a997eced1a68f059c5d680421c045ba0d0e
- SSDEEP
  
  384:hFtn26UMcmZO2Zp+Nye8pqrmub8TyztsDN:hPBUMoKK8o8TyJc
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2