General

  • Target

    04368110d5ce090681d01deaadea2409_JaffaCakes118

  • Size

    747KB

  • Sample

    240428-db116seh5t

  • MD5

    04368110d5ce090681d01deaadea2409

  • SHA1

    37e7ae7b04b6511ec525a0c23a4d5211438f0cdc

  • SHA256

    09e7e0993d2c44f85eb203e790a8e77004b59b09c69b93efe8151b2c366a3978

  • SHA512

    06977afcfffda85e58f16da09d86619156d2ba61140605a57e7e233cb219ac6e9ecc25466d4388cfeb7e6f00f4d706dfcb79e938c4abaa7629077de84bcbe652

  • SSDEEP

    12288:chkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcbNt0vACQ:URmJkcoQricOIQxiZY1WNyYCQ

Malware Config

Targets

    • Target

      04368110d5ce090681d01deaadea2409_JaffaCakes118

    • UAC bypass

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1547 Boot or Logon Autostart Execution (1)

    • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation

  • T1548 Abuse Elevation Control Mechanism (1)

    • T1548.002 Bypass User Account Control (1)

  • T1547 Boot or Logon Autostart Execution (1)

    • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1548 Abuse Elevation Control Mechanism (1)

    • T1548.002 Bypass User Account Control (1)

  • T1562 Impair Defenses (1)

    • T1562.001 Disable or Modify Tools (1)

  • T1112 Modify Registry (4)

  • T1553 Subvert Trust Controls (1)

    • T1553.004 Install Root Certificate (1)

Discovery

  • T1082 System Information Discovery (2)

Tasks