78034e9a3dd8996ba78ef9d6f1133a900ba5d18721402344b15c6547870e0e1f | Triage

Sharing

General

Target

2e3af73d9c3ac8d8573e72dedeca9c9d_JaffaCakes118
Size

731KB
Sample

240708-3krxasvcrr
MD5

2e3af73d9c3ac8d8573e72dedeca9c9d
SHA1

f0244ed5c446f173402ce28cbddb789aa6faaf1f
SHA256

78034e9a3dd8996ba78ef9d6f1133a900ba5d18721402344b15c6547870e0e1f
SHA512

45c958b6b6e0901d4d61694729b7f38d695534562251c5412e9f6d83a1debdd3d46f28d9fb384f91ed9f2c63d6c0f59e37d420a0ef2791f759f0a97d582af5b2
SSDEEP

12288:Jaingtd/9iCpVEZxzraxdUdpmNFmjnDgGeIttwoPR5pWZhAIRXHYnrmh:JaigD/ArravUdsNwnlFttwYQRXHYrmh

Score

8^/10

evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  2e3af73d9c3ac8d8573e72dedeca9c9d_JaffaCakes118
- Size
  
  731KB
- MD5
  
  2e3af73d9c3ac8d8573e72dedeca9c9d
- SHA1
  
  f0244ed5c446f173402ce28cbddb789aa6faaf1f
- SHA256
  
  78034e9a3dd8996ba78ef9d6f1133a900ba5d18721402344b15c6547870e0e1f
- SHA512
  
  45c958b6b6e0901d4d61694729b7f38d695534562251c5412e9f6d83a1debdd3d46f28d9fb384f91ed9f2c63d6c0f59e37d420a0ef2791f759f0a97d582af5b2
- SSDEEP
  
  12288:Jaingtd/9iCpVEZxzraxdUdpmNFmjnDgGeIttwoPR5pWZhAIRXHYnrmh:JaigD/ArravUdsNwnlFttwYQRXHYrmh
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2

evasionpersistenceprivilege_escalation