General

  • Target

    342570b26e52a084a4e7b898ae610880_JaffaCakes118

  • Size

    540KB

  • Sample

    240511-mnbfqafe94

  • MD5

    342570b26e52a084a4e7b898ae610880

  • SHA1

    1dbda276e2780df84e0ea86721a84600f661738b

  • SHA256

    aa417471de21e6dd9786858f8a7c781680800e32e2e2e20bd34df9161e09883a

  • SHA512

    ac9973dc30b2b19b1334b00862426b0e0cc2fa1f4b366f8fc5276b0db6d827a4b88b67e814d997034d5ad2d399e6ef60b3581cdeff90ed723d66553ebc9245d6

  • SSDEEP

    6144:UZfec9EbXDk6Rk8KU/UOPSe570Szp3b/UOPSe570Szp3Znmy+g4IE2EU:UZWtI6RktOB0vOB06aU

Malware Config

Targets


    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Initial Access

  • Replication Through Removable Media (T1091): 1

Execution

  • System Services (T1569): 1

    • Service Execution (T1569.002): 1

Persistence

  • Create or Modify System Process (T1543): 1

    • Windows Service (T1543.003): 1

  • Boot or Logon Autostart Execution (T1547): 1

    • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Create or Modify System Process (T1543): 1

    • Windows Service (T1543.003): 1

  • Boot or Logon Autostart Execution (T1547): 1

    • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Hide Artifacts (T1564): 2

    • Hidden Files and Directories (T1564.001): 2

  • Modify Registry (T1112): 2

Lateral Movement

  • Replication Through Removable Media (T1091): 1

Impact

  • Service Stop (T1489): 1

Tasks