946ea42af8a12e182f10d05a133a502e9c63164610c948eed8b19c2207da5a2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adfe86f89b3ee7776b74a6498fb1f9ea_JaffaCakes118
Size

458KB
Sample

240615-mh85ssxckd
MD5

adfe86f89b3ee7776b74a6498fb1f9ea
SHA1

e5e265b589a4bad07a4aa3788d5d7018e0d94360
SHA256

946ea42af8a12e182f10d05a133a502e9c63164610c948eed8b19c2207da5a2f
SHA512

de7097784f7598069ab1ca5855286d93cc1e6ca1aa65813e938ba8129d5c8078372580efbd82e67f337974c36ea294aaaf2dd5e5e8719d6360c4d5ec88db76f9
SSDEEP

6144:UZfec9EbXDk6RkdKJrG1VVE+IRuHOJrG1VVE+IRE2ESUF4OBS:UZWtI6Rkcu9O9u1Sa4OA

Score

10^/10

evasion execution persistence

Malware Config

Targets

- Target
  
  adfe86f89b3ee7776b74a6498fb1f9ea_JaffaCakes118
- Size
  
  458KB
- MD5
  
  adfe86f89b3ee7776b74a6498fb1f9ea
- SHA1
  
  e5e265b589a4bad07a4aa3788d5d7018e0d94360
- SHA256
  
  946ea42af8a12e182f10d05a133a502e9c63164610c948eed8b19c2207da5a2f
- SHA512
  
  de7097784f7598069ab1ca5855286d93cc1e6ca1aa65813e938ba8129d5c8078372580efbd82e67f337974c36ea294aaaf2dd5e5e8719d6360c4d5ec88db76f9
- SSDEEP
  
  6144:UZfec9EbXDk6RkdKJrG1VVE+IRuHOJrG1VVE+IRE2ESUF4OBS:UZWtI6Rkcu9O9u1Sa4OA
Score

10^/10

evasion execution persistence
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistence

behavioral2

evasionexecutionpersistence