137b4ef415e3a38d4d40322fb9c9dc3a1ffb4828d38224fe5a625a84376b885e | Triage

Sharing

General

Target

0597ef64bbe482a92adb1909eba8f923_JaffaCakes118
Size

435KB
Sample

240428-tvkfjabf49
MD5

0597ef64bbe482a92adb1909eba8f923
SHA1

d874159f809c6709bbf4b820fa1f60bb006afa3d
SHA256

137b4ef415e3a38d4d40322fb9c9dc3a1ffb4828d38224fe5a625a84376b885e
SHA512

1b4478a7d9e4c8666e6f91ff676fb339a3f3c726c21e3748bc0d691dbc5c0f020598edf6d97a9a16663f54513e29527e343ecb8a36a6485db6123ef85961ba39
SSDEEP

12288:KKz4hAmKw0Li7et1ZeV7wAiNMh+toQZwTaFP3WNJjc9ho/:KKzRDw0L0G1ZOwAiNU+edGxIi2/

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  0597ef64bbe482a92adb1909eba8f923_JaffaCakes118
- Size
  
  435KB
- MD5
  
  0597ef64bbe482a92adb1909eba8f923
- SHA1
  
  d874159f809c6709bbf4b820fa1f60bb006afa3d
- SHA256
  
  137b4ef415e3a38d4d40322fb9c9dc3a1ffb4828d38224fe5a625a84376b885e
- SHA512
  
  1b4478a7d9e4c8666e6f91ff676fb339a3f3c726c21e3748bc0d691dbc5c0f020598edf6d97a9a16663f54513e29527e343ecb8a36a6485db6123ef85961ba39
- SSDEEP
  
  12288:KKz4hAmKw0Li7et1ZeV7wAiNMh+toQZwTaFP3WNJjc9ho/:KKzRDw0L0G1ZOwAiNU+edGxIi2/
Score

10^/10

evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2