1815d32f459da66379c6e69488f7923a9626716e9cf0dad18ae2f2eeb239b5de | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd8406e5f523bf5596695582efdd8601_JaffaCakes118
Size

212KB
Sample

240625-kn4fdssfpl
MD5

bd8406e5f523bf5596695582efdd8601
SHA1

1fa3b9943c8cda859ffea497549592b98526c5f4
SHA256

1815d32f459da66379c6e69488f7923a9626716e9cf0dad18ae2f2eeb239b5de
SHA512

a937c7949a008b11655dd03064c81b3ee0c38e1cb5055b930e9f2efc94f1d3ea91bd2da6ac6a6479d1574451465a0783d501cb11e2fa39063206479c176e8d3f
SSDEEP

6144:jZdHcXFZurB5NpCSQj6lk1xWOi/IKfJfu88bo:sXFW/Nolj6G+wKhes

Score

9^/10

defense_evasion execution impact persistence ransomware

Malware Config

Targets

- Target
  
  my_resume_pdf_id-5315-2423-293.scr
- Size
  
  276KB
- MD5
  
  babf8d4ab9d0b648ad7f9f451b81273e
- SHA1
  
  9732a298d0679e223389382bac374ddde42ef91d
- SHA256
  
  ee0a41cf6a814eed2abfcaa848513529169164065c8b43856128e1586e10a977
- SHA512
  
  201013ad4d9f7079d14599433122d35e9e7257cbf1c37fb8f267cb8f739419ec8d749ad5caee3069fc125140f02a4b1ac7ec6e7449a2a90ca80474da3b3e0804
- SSDEEP
  
  6144:QKyPkzckd4oJC5HcXF/urB5NpgSQj6Xk1xWOi/IKfJfbGMqz:Q+2EXFU/NSlj6AswKhDq
Score

9^/10

defense_evasion execution impact persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

defense_evasionexecutionimpactpersistenceransomware

behavioral2