Overview

overview

10

Static

static

3

056b173fa9...18.exe

windows7-x64

10

056b173fa9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    056b173fa9ff84e06fef62a4ad9b73d6_JaffaCakes118

  • Size

    196KB

  • Sample

    240428-r2a5bsac7v

  • MD5

    056b173fa9ff84e06fef62a4ad9b73d6

  • SHA1

    f8d81e1aefb34ba4b18a4a193063dd12d0fafd4c

  • SHA256

    3a5cbd8a04b3085328507e7d930dd82ba57c5c62145d94ed749a4c80e47b9a8d

  • SHA512

    51732668acdaeba5077cd7122960c254f85d12078ec49a8501a9b354370d5fe1574c5e1b47f7905243106aa7ff5ff68c00f62a7155de82e5eece48c41e7aa890

  • SSDEEP

    3072:ZGBT753Q+RgWgMlIx1ZiXjb6aEF6D0NM9voeLNZ3mEld:Y753RgWg4aAXjb6aEFfooeLNZB

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      056b173fa9ff84e06fef62a4ad9b73d6_JaffaCakes118

    • Size

      196KB

    • MD5

      056b173fa9ff84e06fef62a4ad9b73d6

    • SHA1

      f8d81e1aefb34ba4b18a4a193063dd12d0fafd4c

    • SHA256

      3a5cbd8a04b3085328507e7d930dd82ba57c5c62145d94ed749a4c80e47b9a8d

    • SHA512

      51732668acdaeba5077cd7122960c254f85d12078ec49a8501a9b354370d5fe1574c5e1b47f7905243106aa7ff5ff68c00f62a7155de82e5eece48c41e7aa890

    • SSDEEP

      3072:ZGBT753Q+RgWgMlIx1ZiXjb6aEF6D0NM9voeLNZ3mEld:Y753RgWg4aAXjb6aEFfooeLNZB

    Score
    10/10
    evasionpersistence

    • Modifies WinLogon for persistence

      persistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables cmd.exe use via registry modification

      evasion

    • Disables use of System Restore points

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

2
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

2
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

9
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

1
T1490

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.