b094894ed1294c4f137ef2f4985d0d7cdaaf897daf282615780814f1aa41a958 | Triage

Sharing

General

Target

8ed377a4bb27a896cc51df618d9a1f4b_JaffaCakes118
Size

81KB
Sample

240602-vszywahd2s
MD5

8ed377a4bb27a896cc51df618d9a1f4b
SHA1

e6e0b772640ad52baa806e16911d2cf0093ce3e1
SHA256

b094894ed1294c4f137ef2f4985d0d7cdaaf897daf282615780814f1aa41a958
SHA512

eac4b792e89c344ec21f7842664d13dc56f260cc4a5b333c2306ee42ad41b333db02260b61f6e5446dd695506e9b5ebcef3c228dcb80608ecb5dbc476947a80e
SSDEEP

1536:xFqsQSZRzMfmCj/5gXVV66VyUD6CS3f1Tqo:TnZRzImCr5glVLgUDBk1uo

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8ed377a4bb27a896cc51df618d9a1f4b_JaffaCakes118
- Size
  
  81KB
- MD5
  
  8ed377a4bb27a896cc51df618d9a1f4b
- SHA1
  
  e6e0b772640ad52baa806e16911d2cf0093ce3e1
- SHA256
  
  b094894ed1294c4f137ef2f4985d0d7cdaaf897daf282615780814f1aa41a958
- SHA512
  
  eac4b792e89c344ec21f7842664d13dc56f260cc4a5b333c2306ee42ad41b333db02260b61f6e5446dd695506e9b5ebcef3c228dcb80608ecb5dbc476947a80e
- SSDEEP
  
  1536:xFqsQSZRzMfmCj/5gXVV66VyUD6CS3f1Tqo:TnZRzImCr5glVLgUDBk1uo
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2