78a86d7921674b126d4a3e5e6513059cf75a847dee3e409a09f083c2d3376f78 | Triage

Sharing

General

Target

29a8e816886abe7054f5600210d040a1_JaffaCakes118
Size

998KB
Sample

240707-ce1n5s1alp
MD5

29a8e816886abe7054f5600210d040a1
SHA1

d5134831d99701195f0fecc30cc8ee8b891802cc
SHA256

78a86d7921674b126d4a3e5e6513059cf75a847dee3e409a09f083c2d3376f78
SHA512

d778dbedfaf1226a9b81960b4027ef040442391a38ae4132f11247814fa1772adf0d99389a2ced12faa91bcb706efd4b0a027d527a820ce42380bb7f75093770
SSDEEP

24576:IedqEi/4uK3Jfe+8PcAPiIhQk76kNil8FkC49GyJve4eg6pPhBLD:Ie81b9Fueg6PV

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  29a8e816886abe7054f5600210d040a1_JaffaCakes118
- Size
  
  998KB
- MD5
  
  29a8e816886abe7054f5600210d040a1
- SHA1
  
  d5134831d99701195f0fecc30cc8ee8b891802cc
- SHA256
  
  78a86d7921674b126d4a3e5e6513059cf75a847dee3e409a09f083c2d3376f78
- SHA512
  
  d778dbedfaf1226a9b81960b4027ef040442391a38ae4132f11247814fa1772adf0d99389a2ced12faa91bcb706efd4b0a027d527a820ce42380bb7f75093770
- SSDEEP
  
  24576:IedqEi/4uK3Jfe+8PcAPiIhQk76kNil8FkC49GyJve4eg6pPhBLD:Ie81b9Fueg6PV
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2