8b6ff420df4b5c552ccb84c5a7c42b507288706809be2a90f0cbb8471d5dad79 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5debc73b7e8c32390ef14c8c7dce505f_JaffaCakes118
Size

628KB
Sample

240520-jjwz3sag91
MD5

5debc73b7e8c32390ef14c8c7dce505f
SHA1

3a5b04387ac5b324ee881b9fcaefea37203041ae
SHA256

8b6ff420df4b5c552ccb84c5a7c42b507288706809be2a90f0cbb8471d5dad79
SHA512

fcec71dba9c1465782ddcb0cbc57f8e4edea1850f05af35b0d41825693518f8ea4ca32a54a1093f684301f2f9b090e0a67c8af2fdbf2ad5c7744d0b24104f111
SSDEEP

6144:UZfec9EbXDk6RkdKJrG1VVE+IwrG1VVE+I5E2EorG1VVE+Ih/UOPSe570Szp3oRV:UZWtI6RkcunuVkupOB0ts/oYut

Score

10^/10

evasion execution persistence

Malware Config

Targets

- Target
  
  5debc73b7e8c32390ef14c8c7dce505f_JaffaCakes118
- Size
  
  628KB
- MD5
  
  5debc73b7e8c32390ef14c8c7dce505f
- SHA1
  
  3a5b04387ac5b324ee881b9fcaefea37203041ae
- SHA256
  
  8b6ff420df4b5c552ccb84c5a7c42b507288706809be2a90f0cbb8471d5dad79
- SHA512
  
  fcec71dba9c1465782ddcb0cbc57f8e4edea1850f05af35b0d41825693518f8ea4ca32a54a1093f684301f2f9b090e0a67c8af2fdbf2ad5c7744d0b24104f111
- SSDEEP
  
  6144:UZfec9EbXDk6RkdKJrG1VVE+IwrG1VVE+I5E2EorG1VVE+Ih/UOPSe570Szp3oRV:UZWtI6RkcunuVkupOB0ts/oYut
Score

10^/10

evasion execution persistence
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistence

behavioral2

evasionexecutionpersistence