4f1c1e68a006209a0d88b931d09e1b524c91986693c7da535bdd4ee663072c51 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04f2953201ed1c0b0aa6e1331924d353_JaffaCakes118.exe
Size

111KB
Sample

240505-klm1mace8x
MD5

04f2953201ed1c0b0aa6e1331924d353
SHA1

a031d897e4a6685be8db998035ce18a7879a804f
SHA256

4f1c1e68a006209a0d88b931d09e1b524c91986693c7da535bdd4ee663072c51
SHA512

9cd1e8ea3708171066f82687e525468cde747b06716ca69d9be9294ec1e43f23719bf1de2445441e3d20e3e927d22306f69e2cd7066e4cc95e81f49340cddcf7
SSDEEP

3072:fG8XUV2vHdMtvKYmg65HycQ5vQ97Kbbcn:OUUVmdMtvKYmg65aUKbbcn

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  04f2953201ed1c0b0aa6e1331924d353_JaffaCakes118.exe
- Size
  
  111KB
- MD5
  
  04f2953201ed1c0b0aa6e1331924d353
- SHA1
  
  a031d897e4a6685be8db998035ce18a7879a804f
- SHA256
  
  4f1c1e68a006209a0d88b931d09e1b524c91986693c7da535bdd4ee663072c51
- SHA512
  
  9cd1e8ea3708171066f82687e525468cde747b06716ca69d9be9294ec1e43f23719bf1de2445441e3d20e3e927d22306f69e2cd7066e4cc95e81f49340cddcf7
- SSDEEP
  
  3072:fG8XUV2vHdMtvKYmg65HycQ5vQ97Kbbcn:OUUVmdMtvKYmg65aUKbbcn
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2