92a44d57e21fb7eb09cd897249ae3d2b3822f05f86846f9d3dfe9f750e96b362 | Triage

Sharing

General

Target

425d9a1f5eb07f8ba4ed354c757bb72e_JaffaCakes118
Size

9KB
Sample

240514-watvksgd2w
MD5

425d9a1f5eb07f8ba4ed354c757bb72e
SHA1

c96f2b98374f7e2328f1e1ab80eed15fb6048198
SHA256

92a44d57e21fb7eb09cd897249ae3d2b3822f05f86846f9d3dfe9f750e96b362
SHA512

c68e905289f1c6311b32084e55015adb97451a183aa4c228f320957b4b2fccaf6a4fa930d880632e03d44d77e8ab5fb51014cf33c0cdafae1c5e179faf51ab86
SSDEEP

96:5W9ZUDRCWmCqm9RYs8A3CNiLUB2cZmNwMwGgSe3OhTy/33s1l/S:0ulhc0222zGgJ3OhTy/cS

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  425d9a1f5eb07f8ba4ed354c757bb72e_JaffaCakes118
- Size
  
  9KB
- MD5
  
  425d9a1f5eb07f8ba4ed354c757bb72e
- SHA1
  
  c96f2b98374f7e2328f1e1ab80eed15fb6048198
- SHA256
  
  92a44d57e21fb7eb09cd897249ae3d2b3822f05f86846f9d3dfe9f750e96b362
- SHA512
  
  c68e905289f1c6311b32084e55015adb97451a183aa4c228f320957b4b2fccaf6a4fa930d880632e03d44d77e8ab5fb51014cf33c0cdafae1c5e179faf51ab86
- SSDEEP
  
  96:5W9ZUDRCWmCqm9RYs8A3CNiLUB2cZmNwMwGgSe3OhTy/33s1l/S:0ulhc0222zGgJ3OhTy/cS
Score

10^/10

persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2