d011a9afed467505da21033b83989a087c7b4e31f396d5c400a1b86c6b5a6854 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29f72f4dcf90bbed3760f744cf8168a2_JaffaCakes118
Size

40KB
Sample

240707-n9q9qs1grj
MD5

29f72f4dcf90bbed3760f744cf8168a2
SHA1

5f8109f0a2d90a6b0a958bea57e007a9664d1307
SHA256

d011a9afed467505da21033b83989a087c7b4e31f396d5c400a1b86c6b5a6854
SHA512

d84b00c37a14f0c45e6edb664a35f324e2add40596762f3c3733ab77df40504f4295e76774b0af8c2992802564ccc0f237753837fce710c713afb076450fd341
SSDEEP

768:SU77Rbfnh9Ye4tboIYrKiM/9vLmxDkoaWynn/weeinGfHum+cx0hw59p/VVOP1bS:SU7zye4t8uiMExZMnnYyGfHuEx0kpjOs

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  29f72f4dcf90bbed3760f744cf8168a2_JaffaCakes118
- Size
  
  40KB
- MD5
  
  29f72f4dcf90bbed3760f744cf8168a2
- SHA1
  
  5f8109f0a2d90a6b0a958bea57e007a9664d1307
- SHA256
  
  d011a9afed467505da21033b83989a087c7b4e31f396d5c400a1b86c6b5a6854
- SHA512
  
  d84b00c37a14f0c45e6edb664a35f324e2add40596762f3c3733ab77df40504f4295e76774b0af8c2992802564ccc0f237753837fce710c713afb076450fd341
- SSDEEP
  
  768:SU77Rbfnh9Ye4tboIYrKiM/9vLmxDkoaWynn/weeinGfHum+cx0hw59p/VVOP1bS:SU7zye4t8uiMExZMnnYyGfHuEx0kpjOs
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2