991a2d3b80a6d1d2922a90d2a02d6a7612c12eb520828d7cfb66fb94967609cd | Triage

Sharing

General

Target

68dadb94945106ca227e28a2efa43c7b_JaffaCakes118
Size

2.4MB
Sample

240522-2ek15abc9v
MD5

68dadb94945106ca227e28a2efa43c7b
SHA1

0ef7c43af35efa07328d8c0edb44364c422f3858
SHA256

991a2d3b80a6d1d2922a90d2a02d6a7612c12eb520828d7cfb66fb94967609cd
SHA512

104a6263ad334cfc313c833b0890e8ea6645601051a7aa61b5106e7294902c3aabddfbb9e1120a8997cc39a91dd8e65f9d0e130eda7cfb351491603b723ba058
SSDEEP

24576:UuhaKOA2eZJ8NI8NahxATDKnxYaXJi2Y3MpbwnCvzb4cbmYdTyVD/2TrTxGFHDUt:bj8NKeTDkYOMwwnMb4PmyVTG/sVsUu

Score

10^/10

evasion execution persistence

Malware Config

Targets

- Target
  
  68dadb94945106ca227e28a2efa43c7b_JaffaCakes118
- Size
  
  2.4MB
- MD5
  
  68dadb94945106ca227e28a2efa43c7b
- SHA1
  
  0ef7c43af35efa07328d8c0edb44364c422f3858
- SHA256
  
  991a2d3b80a6d1d2922a90d2a02d6a7612c12eb520828d7cfb66fb94967609cd
- SHA512
  
  104a6263ad334cfc313c833b0890e8ea6645601051a7aa61b5106e7294902c3aabddfbb9e1120a8997cc39a91dd8e65f9d0e130eda7cfb351491603b723ba058
- SSDEEP
  
  24576:UuhaKOA2eZJ8NI8NahxATDKnxYaXJi2Y3MpbwnCvzb4cbmYdTyVD/2TrTxGFHDUt:bj8NKeTDkYOMwwnMb4PmyVTG/sVsUu
Score

10^/10

evasion execution persistence
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistence

behavioral2

evasionexecutionpersistence