General

  • Target

    bcd56f2af48c775064d621e125cef045_JaffaCakes118

  • Size

    805KB

  • Sample

    240618-tpj8ksvepq

  • MD5

    bcd56f2af48c775064d621e125cef045

  • SHA1

    1a35e18612e6dfb69b9b23bfa11da881a3ab4162

  • SHA256

    0b4a71e0151cb9590e4ff0897058a87b8fa24e191250d23ae11fa8878adb6deb

  • SHA512

    0ab17ce4561c8eb1be57a39b9e5bb643a01a623bea30f7df1dadd83617ef1173d05013536c7250b4419107e2cd2022ccb2a2d118c63eb5a736638996390aa471

  • SSDEEP

    24576:ESPv9lhGi0PJg6nppU1iFzPYVJK57/ciyV26B4:EKcJ5PqK57K4

Malware Config

Targets

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Event Triggered Execution (T1546): 1

      Component Object Model Hijacking (T1546.015): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1

      Component Object Model Hijacking (T1546.015): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

Tasks