Overview

overview

10

Static

static

3

6891f08afa...18.exe

windows7-x64

10

6891f08afa...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6891f08afa6336284ff48a76503b7082_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240522-zjtgysfh6z

  • MD5

    6891f08afa6336284ff48a76503b7082

  • SHA1

    9d60a8c79b55b3c60dc35a8cc9a16cca15beb321

  • SHA256

    140fa69c79592b496b66ff1d8b1d16098c8d1936df4fbdb5e436290e4f5c118a

  • SHA512

    4f69bba9a9f5f9b8f572f31472d4b23fd7ff17dd57769f1b5692b445168cac06b748d0047e98b8d37ecb1b8476c7181b6b6001c43ebf7a81263340f634d30960

  • SSDEEP

    24576:UuhayOaerQZb+md4wmNerQZb+md4wmWOoeZJ8NI8e:bTerQZbd2JerQZbd2p8e

Score
10/10
evasionexecutionpersistence

Malware Config

Targets

    • Target

      6891f08afa6336284ff48a76503b7082_JaffaCakes118

    • Size

      1.5MB

    • MD5

      6891f08afa6336284ff48a76503b7082

    • SHA1

      9d60a8c79b55b3c60dc35a8cc9a16cca15beb321

    • SHA256

      140fa69c79592b496b66ff1d8b1d16098c8d1936df4fbdb5e436290e4f5c118a

    • SHA512

      4f69bba9a9f5f9b8f572f31472d4b23fd7ff17dd57769f1b5692b445168cac06b748d0047e98b8d37ecb1b8476c7181b6b6001c43ebf7a81263340f634d30960

    • SSDEEP

      24576:UuhayOaerQZb+md4wmNerQZb+md4wmWOoeZJ8NI8e:bTerQZbd2JerQZbd2p8e

    Score
    10/10
    evasionexecutionpersistence

    • Disables service(s)

      evasionexecution

    • Modifies visibility of file extensions in Explorer

      evasion

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

      evasion

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

1
T1091

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Resource Development

Reconnaissance

Tasks