ce95e81faddf90a6fb949c1b68aa403788f4768ac907248de22a60e70d0b5fa1 | Triage

Sharing

General

Target

135427dbcb10d6928ef39e233667c312_JaffaCakes118
Size

2.5MB
Sample

240504-svrdeahg2v
MD5

135427dbcb10d6928ef39e233667c312
SHA1

55b5c0293993b51161cde91ccc2d1e1cab2be3fe
SHA256

ce95e81faddf90a6fb949c1b68aa403788f4768ac907248de22a60e70d0b5fa1
SHA512

7636ec3d57b57415aa785450f472d74990b9a393f7a74aac05c958649ef8f6d72b16b88d33bb6dfab05a83aae389eecee09cd207dc314db21f927caac2f8f5cc
SSDEEP

24576:UuhaqOieZJ8NI85OWOKOieZJ8NI85OWOKOieZJ8NI85OWOKOieZJ8NI85OWOoc:by8080808nc

Score

10^/10

evasion execution persistence

Malware Config

Targets

- Target
  
  135427dbcb10d6928ef39e233667c312_JaffaCakes118
- Size
  
  2.5MB
- MD5
  
  135427dbcb10d6928ef39e233667c312
- SHA1
  
  55b5c0293993b51161cde91ccc2d1e1cab2be3fe
- SHA256
  
  ce95e81faddf90a6fb949c1b68aa403788f4768ac907248de22a60e70d0b5fa1
- SHA512
  
  7636ec3d57b57415aa785450f472d74990b9a393f7a74aac05c958649ef8f6d72b16b88d33bb6dfab05a83aae389eecee09cd207dc314db21f927caac2f8f5cc
- SSDEEP
  
  24576:UuhaqOieZJ8NI85OWOKOieZJ8NI85OWOKOieZJ8NI85OWOKOieZJ8NI85OWOoc:by8080808nc
Score

10^/10

evasion execution persistence
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistence

behavioral2

evasionexecutionpersistence