617054cd3aa02edc6d8db10f3e489c83faf823274739a6bd7f681bd81981dd1b | Triage

Sharing

General

Target

25594fc3e4bcec8de6c2a9ff963f27e5_JaffaCakes118
Size

122KB
Sample

240704-kvhr9stamj
MD5

25594fc3e4bcec8de6c2a9ff963f27e5
SHA1

4a30d9ecc2f684c9c52f2d8b4539b4d33c180874
SHA256

617054cd3aa02edc6d8db10f3e489c83faf823274739a6bd7f681bd81981dd1b
SHA512

7344ff976986277bae261e842698e7fe756562e5d893817a9fe0e66530bc9fdd3ba584239f940bba487afb36a6f432f6e17b5a748e525df1bd930cf9255410aa
SSDEEP

3072:4nbJpEypKc+JjCc3Jcy006iSmmG/6icKdYlO1:KbJpd6GcOrmmi9cKd2O1

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  25594fc3e4bcec8de6c2a9ff963f27e5_JaffaCakes118
- Size
  
  122KB
- MD5
  
  25594fc3e4bcec8de6c2a9ff963f27e5
- SHA1
  
  4a30d9ecc2f684c9c52f2d8b4539b4d33c180874
- SHA256
  
  617054cd3aa02edc6d8db10f3e489c83faf823274739a6bd7f681bd81981dd1b
- SHA512
  
  7344ff976986277bae261e842698e7fe756562e5d893817a9fe0e66530bc9fdd3ba584239f940bba487afb36a6f432f6e17b5a748e525df1bd930cf9255410aa
- SSDEEP
  
  3072:4nbJpEypKc+JjCc3Jcy006iSmmG/6icKdYlO1:KbJpd6GcOrmmi9cKd2O1
Score

8^/10

persistence
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2