3b30d8f7f23724a312e25a9ff1506accc6022abadc4e1c4d58f2f6b32083a740 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c55290b6662d450690d0e353e416f5a_JaffaCakes118
Size

376KB
Sample

240520-a46kksca3t
MD5

5c55290b6662d450690d0e353e416f5a
SHA1

3a69791e48416af6cd479134ea320910fdde804d
SHA256

3b30d8f7f23724a312e25a9ff1506accc6022abadc4e1c4d58f2f6b32083a740
SHA512

756b55de4ab4c2e14570de2b3b00a973361a58dacdaefafd6bcdd628b4a6e9478fbe6870381a720ec15daebc76a7a913df9f30265b47a10d0000e9875734b5b9
SSDEEP

6144:UZfec9EbXDk6RkdKJrG1VVE+I5E2Ernmy+g4n:UZWtI6RkcuVrW

Score

10^/10

evasion execution persistence

Malware Config

Targets

- Target
  
  5c55290b6662d450690d0e353e416f5a_JaffaCakes118
- Size
  
  376KB
- MD5
  
  5c55290b6662d450690d0e353e416f5a
- SHA1
  
  3a69791e48416af6cd479134ea320910fdde804d
- SHA256
  
  3b30d8f7f23724a312e25a9ff1506accc6022abadc4e1c4d58f2f6b32083a740
- SHA512
  
  756b55de4ab4c2e14570de2b3b00a973361a58dacdaefafd6bcdd628b4a6e9478fbe6870381a720ec15daebc76a7a913df9f30265b47a10d0000e9875734b5b9
- SSDEEP
  
  6144:UZfec9EbXDk6RkdKJrG1VVE+I5E2Ernmy+g4n:UZWtI6RkcuVrW
Score

10^/10

evasion execution persistence
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistence

behavioral2

evasionexecutionpersistence