dc270d82b4639c4783ab2469e8428cfb979921035502d6ee3002f0d839d82c6c | Triage

Sharing

General

Target

1a0f363e69c03fe992e6a28cf4823815_JaffaCakes118
Size

168KB
Sample

240628-pbfk1sydnh
MD5

1a0f363e69c03fe992e6a28cf4823815
SHA1

4a6aa3f65685d4b4f896288f8a96047e6ae3166b
SHA256

dc270d82b4639c4783ab2469e8428cfb979921035502d6ee3002f0d839d82c6c
SHA512

e3adf529db0c04d6b73d95efa4451f7ac36387615c388039520989b2969edde740797490f14481015a96ff11ac0ff435de4bdf59a54336fea21acc110ae2f2e0
SSDEEP

3072:gLuC9XN6Q22l61bgI3fZD5uA9vfB0q1wdNp9Txfs5Bw0/Cq:M9d6Qdl8ffv4fp9T0BzN

Score

7^/10

Malware Config

Targets

- Target
  
  1a0f363e69c03fe992e6a28cf4823815_JaffaCakes118
- Size
  
  168KB
- MD5
  
  1a0f363e69c03fe992e6a28cf4823815
- SHA1
  
  4a6aa3f65685d4b4f896288f8a96047e6ae3166b
- SHA256
  
  dc270d82b4639c4783ab2469e8428cfb979921035502d6ee3002f0d839d82c6c
- SHA512
  
  e3adf529db0c04d6b73d95efa4451f7ac36387615c388039520989b2969edde740797490f14481015a96ff11ac0ff435de4bdf59a54336fea21acc110ae2f2e0
- SSDEEP
  
  3072:gLuC9XN6Q22l61bgI3fZD5uA9vfB0q1wdNp9Txfs5Bw0/Cq:M9d6Qdl8ffv4fp9T0BzN
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2