d613dd30029dce010ae78cc0031e06cf3a135211e451f1c17cec2fb5ae47b4ae | Triage

Sharing

General

Target

2e03d162d49126b0b0cc6af5bf308c85_JaffaCakes118
Size

160KB
Sample

240708-17tnas1hnq
MD5

2e03d162d49126b0b0cc6af5bf308c85
SHA1

86c3087e7cfc063985bd59de8ce9a77439ceb944
SHA256

d613dd30029dce010ae78cc0031e06cf3a135211e451f1c17cec2fb5ae47b4ae
SHA512

0bc4f65ad39dd5060eba4f5ee2576c2d0f927c94d2f062b613ff99271aa059268ca45135a6194ec016cdf9693ac18d4d3f3f102c29152ccf92f6aab85533db9b
SSDEEP

3072:JJUUW8F6kkVdMnhB6/a2efD3qFZreqTC9QS0w351EEWr4jovWkZ:Ax6i/be+F1Kp1EFGxkZ

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  2e03d162d49126b0b0cc6af5bf308c85_JaffaCakes118
- Size
  
  160KB
- MD5
  
  2e03d162d49126b0b0cc6af5bf308c85
- SHA1
  
  86c3087e7cfc063985bd59de8ce9a77439ceb944
- SHA256
  
  d613dd30029dce010ae78cc0031e06cf3a135211e451f1c17cec2fb5ae47b4ae
- SHA512
  
  0bc4f65ad39dd5060eba4f5ee2576c2d0f927c94d2f062b613ff99271aa059268ca45135a6194ec016cdf9693ac18d4d3f3f102c29152ccf92f6aab85533db9b
- SSDEEP
  
  3072:JJUUW8F6kkVdMnhB6/a2efD3qFZreqTC9QS0w351EEWr4jovWkZ:Ax6i/be+F1Kp1EFGxkZ
Score

10^/10

evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2