4adfdcb3d3fb5e4f7b95b3600ec6c3865462de19b46ef2c0ccd014db3dbb311b | Triage

Sharing

General

Target

fbaa0a3e6b5173986ee5302d0ed13079_JaffaCakes118
Size

12KB
Sample

240420-b9dbnadd39
MD5

fbaa0a3e6b5173986ee5302d0ed13079
SHA1

f858a1b988e717f099c34bae058302c96f28d649
SHA256

4adfdcb3d3fb5e4f7b95b3600ec6c3865462de19b46ef2c0ccd014db3dbb311b
SHA512

4c272ba192f938cacecd3506d4134f2ef72f59f8db17639acf6c56ba8a44e6eb83131a4398645ced3c19dfdc032d22be6cd0bdf2c50cc981a4a77cc9e221802f
SSDEEP

384:TSifIrO7k6zLoqupEaJpd5/k5jbDueeH2N0U03Y:WaAO5n+t5kueeHIEY

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  fbaa0a3e6b5173986ee5302d0ed13079_JaffaCakes118
- Size
  
  12KB
- MD5
  
  fbaa0a3e6b5173986ee5302d0ed13079
- SHA1
  
  f858a1b988e717f099c34bae058302c96f28d649
- SHA256
  
  4adfdcb3d3fb5e4f7b95b3600ec6c3865462de19b46ef2c0ccd014db3dbb311b
- SHA512
  
  4c272ba192f938cacecd3506d4134f2ef72f59f8db17639acf6c56ba8a44e6eb83131a4398645ced3c19dfdc032d22be6cd0bdf2c50cc981a4a77cc9e221802f
- SSDEEP
  
  384:TSifIrO7k6zLoqupEaJpd5/k5jbDueeH2N0U03Y:WaAO5n+t5kueeHIEY
Score

8^/10

persistence
- Modifies AppInit DLL entries
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2