2e2ef87d676c085e9c3e7f678112e9d1b90e19b69e533ea06c73803234031f04 | Triage

Sharing

General

Target

1675cea69186c152852118f47f915a35_JaffaCakes118
Size

420KB
Sample

240627-sh2cvaxalh
MD5

1675cea69186c152852118f47f915a35
SHA1

84c4a69d7f030736a97bcc0b29a1011e163c22a2
SHA256

2e2ef87d676c085e9c3e7f678112e9d1b90e19b69e533ea06c73803234031f04
SHA512

442774d5a56202212d32c8aa6dde1036c1d1c413a2b1ea6c1c00cc02ef649ec84b72383ec52dfb2704e13b9441da1d447b0fcf3e7d026bfd472748d1ff84ad3d
SSDEEP

6144:ZyXDrnPSUH9O923L+uf+amannB4sA4Z2DEVpITq4JE:ZyXDrnP1H9O9236uf7mknirDw4JE

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  1675cea69186c152852118f47f915a35_JaffaCakes118
- Size
  
  420KB
- MD5
  
  1675cea69186c152852118f47f915a35
- SHA1
  
  84c4a69d7f030736a97bcc0b29a1011e163c22a2
- SHA256
  
  2e2ef87d676c085e9c3e7f678112e9d1b90e19b69e533ea06c73803234031f04
- SHA512
  
  442774d5a56202212d32c8aa6dde1036c1d1c413a2b1ea6c1c00cc02ef649ec84b72383ec52dfb2704e13b9441da1d447b0fcf3e7d026bfd472748d1ff84ad3d
- SSDEEP
  
  6144:ZyXDrnPSUH9O923L+uf+amannB4sA4Z2DEVpITq4JE:ZyXDrnP1H9O9236uf7mknirDw4JE
Score

10^/10

evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2