General

  • Target

    bcd34f0ab73961132fce13092b7f73fd_JaffaCakes118

  • Size

    703KB

  • Sample

    240618-tm7k4a1arh

  • MD5

    bcd34f0ab73961132fce13092b7f73fd

  • SHA1

    9395536b2d169fbb9df5eb2db014e68cd9b4ed32

  • SHA256

    8fd604b5bab1332d95425a66557a004194abd7978afaed6c8dd0a3532b3b5ce2

  • SHA512

    3baa6896f97775dfe857ece13f2f9ddd2fd4a2ee183a72e6793dbeaeefbbd29815c360f0c116974ad749737221ba216a0a1e4a12e7b694ac5e53c4a872bb345a

  • SSDEEP

    12288:YviyjlMsGhLqVjJ/gaTbiO/7hlS85TMalRU24LJgyo/30pFfhdC24WW:cYLqv/gaTbisSqrQL6yoQfhdC24WW

Malware Config

Targets

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v13)

Each tactic lists the techniques observed, the number of matching signatures, and the ATT&CK technique ID.

  • Persistence

    Event Triggered Execution (T1546): 1
    Component Object Model Hijacking (T1546.015): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1
    Component Object Model Hijacking (T1546.015): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 1

Tasks