General

  • Target

    bce954f422e15aea97f256e690894085_JaffaCakes118

  • Size

    780KB

  • Sample

    240618-t3e6sawank

  • MD5

    bce954f422e15aea97f256e690894085

  • SHA1

    fbbd9415203c187a0e2ad90c0399015964cb8ce2

  • SHA256

    283a6aa481e63c0aefd46004cb5b127a58d1102edc78784404491f64b45f579a

  • SHA512

    81f9e12c87e5f8ffecf12e3e7af11a798174ed5fdc3cf0de11d63ba13141d1b2f776773ff7c600cce005b810ba7219c8771061619ba43854427a1c940c87e050

  • SSDEEP

    24576:qhiDoNJQWSSoPyKUq/XqcUHl0qmzJ8sYSc8O:eiDPWSS8yKUiXqcX/G1mO

Malware Config

Targets

    • Target

      bce954f422e15aea97f256e690894085_JaffaCakes118

    • Size

      780KB

    • MD5

      bce954f422e15aea97f256e690894085

    • SHA1

      fbbd9415203c187a0e2ad90c0399015964cb8ce2

    • SHA256

      283a6aa481e63c0aefd46004cb5b127a58d1102edc78784404491f64b45f579a

    • SHA512

      81f9e12c87e5f8ffecf12e3e7af11a798174ed5fdc3cf0de11d63ba13141d1b2f776773ff7c600cce005b810ba7219c8771061619ba43854427a1c940c87e050

    • SSDEEP

      24576:qhiDoNJQWSSoPyKUq/XqcUHl0qmzJ8sYSc8O:eiDPWSS8yKUiXqcX/G1mO

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled
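The report names the behaviours but not how to confirm them on a host. The script below is an added example, not code from the sandbox or from the sample: it parses the text format that `reg export` writes, reports HKCU CLSID server registrations that shadow the HKLM registration (the mechanism behind T1546.015, since the user hive's Classes key is consulted before the machine hive's when a CLSID is resolved), and reads the EnableLUA flag that a "Checks whether UAC is enabled" signature sees the sample query. The CLSIDs, paths and values in SAMPLE_EXPORT are constructed placeholders for illustration and are not indicators taken from this sample.

```python
"""Added example: spot HKCU COM hijacks and read the UAC flag from a .reg export.

COM activation resolves a CLSID through the user hive's Classes key before the
machine hive's, so a per-user InprocServer32/LocalServer32 default value that
names a dropped file silently replaces the system-wide server (T1546.015).
Everything in SAMPLE_EXPORT is constructed, not taken from the analysed sample.
"""
from collections import defaultdict

SERVER_SUBKEYS = {"inprocserver32": "InprocServer32", "localserver32": "LocalServer32"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
UAC_POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed dump in 'reg export' format: backslashes doubled, '@' is the key's
# default value, REG_DWORD written as dword:<hex>. CLSIDs and paths are placeholders.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A7B1AB5-6A31-4B5A-9C46-0A9A0F2C1D11}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"
"ThreadingModel"="Both"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0A7B1AB5-6A31-4B5A-9C46-0A9A0F2C1D11}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\update.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{3B1F2D44-8E57-4C0B-B4A1-5D0C6E7F8A91}\LocalServer32]
@="C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
"ConsentPromptBehaviorAdmin"=dword:00000005
"""

def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from a .reg text export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, data = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        if data.startswith("dword:"):
            keys[current][name] = int(data[len("dword:"):], 16)
        else:  # quoted REG_SZ with doubled backslashes
            keys[current][name] = data.strip('"').replace("\\\\", "\\")
    return keys

def clsid_servers(keys):
    """Map (hive, CLSID) -> {server subkey: default value} for CLSID registrations."""
    servers = defaultdict(dict)
    for path, values in keys.items():
        parts = path.split("\\")
        # Only HIVE\Software\Classes\CLSID\{guid}\<Server32> keys matter here.
        if len(parts) != 6 or [p.lower() for p in parts[1:4]] != ["software", "classes", "clsid"]:
            continue
        subkey = SERVER_SUBKEYS.get(parts[5].lower())
        if subkey is not None:
            servers[(parts[0].upper(), parts[4].upper())][subkey] = values.get("(Default)", "")
    return servers

def in_user_writable_dir(path):
    """True when the server file lives somewhere a standard user can write."""
    return any(marker in path.lower() for marker in USER_WRITABLE)

def find_com_hijacks(keys):
    """Report HKCU CLSID servers: those shadowing an HKLM server, and user-only ones.

    A differing HKCU server hijacks a system-wide object. An HKCU-only entry is
    reported at lower confidence, since legitimate per-user COM servers exist.
    """
    servers = clsid_servers(keys)
    hits = []
    for (hive, clsid), subkeys in servers.items():
        if hive != "HKEY_CURRENT_USER":
            continue
        machine = servers.get(("HKEY_LOCAL_MACHINE", clsid), {})
        for subkey, user_server in subkeys.items():
            machine_server = machine.get(subkey)
            if machine_server is None:
                verdict = "user-only registration"
            elif machine_server.lower() == user_server.lower():
                continue  # identical server in both hives, nothing hijacked
            else:
                verdict = "shadows HKLM server"
            hits.append({"clsid": clsid, "subkey": subkey, "user_server": user_server,
                         "machine_server": machine_server, "verdict": verdict,
                         "user_writable": in_user_writable_dir(user_server)})
    return hits

def uac_enabled(keys):
    """Return the EnableLUA flag as bool, or None when the dump lacks it.

    Samples commonly read this value to decide whether a UAC bypass is needed.
    """
    for path, values in keys.items():
        if path.lower() == UAC_POLICY_KEY.lower() and "EnableLUA" in values:
            return bool(values["EnableLUA"])
    return None

if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    print("UAC enabled:", uac_enabled(parsed))
    for hit in find_com_hijacks(parsed):
        print(f"{hit['clsid']} {hit['subkey']}: {hit['user_server']} "
              f"({hit['verdict']}, user-writable={hit['user_writable']})")
```

In practice, run `reg export HKCU\Software\Classes\CLSID` and the HKLM equivalent (plus the Wow6432Node branches on 64-bit hosts, which this example does not walk) before and after detonation and diff the results; a registration whose server sits under AppData, Temp or ProgramData, as both constructed hits do, is the pattern that also triggers the "Loads dropped DLL" and "Executes dropped EXE" signatures above.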

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                           ID          Count
  Persistence           Event Triggered Execution           T1546       1
                          Component Object Model Hijacking  T1546.015   1
  Privilege Escalation  Event Triggered Execution           T1546       1
                          Component Object Model Hijacking  T1546.015   1
  Defense Evasion       Modify Registry                     T1112       1
  Discovery             System Information Discovery        T1082       1

  Count is the number of matched signatures mapped to each technique. T1546 and its sub-technique T1546.015 appear under both Persistence and Privilege Escalation because ATT&CK lists Event Triggered Execution under both tactics.

Tasks