4353946db1b75a44665f1d5b31ee8b8d22a244c1b3ff883bb5b8f721c6bf8d07 | Triage

Sharing

General

Target

345594d950e75ee803712a800a2fd228_JaffaCakes118
Size

11KB
Sample

240710-mfkpesvanf
MD5

345594d950e75ee803712a800a2fd228
SHA1

d61a9e0b899ae54340028e274a200e36c9ee8484
SHA256

4353946db1b75a44665f1d5b31ee8b8d22a244c1b3ff883bb5b8f721c6bf8d07
SHA512

3bd474bb74bcb3f7f4c9854401acb9a9b4aeda1956cac5fda3a0baa219dbbec2acc793d129f02367b47ba655ac7bdfd9eed0319c5afe67775c8dafbd7792af5d
SSDEEP

192:bl8ar7TJjaROkOEGELOGHcR3TInOibY+5fbw3uz3GuyvPZxQTGqap:bl70JGMFnOibJVcQ3Kn0TrY

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  345594d950e75ee803712a800a2fd228_JaffaCakes118
- Size
  
  11KB
- MD5
  
  345594d950e75ee803712a800a2fd228
- SHA1
  
  d61a9e0b899ae54340028e274a200e36c9ee8484
- SHA256
  
  4353946db1b75a44665f1d5b31ee8b8d22a244c1b3ff883bb5b8f721c6bf8d07
- SHA512
  
  3bd474bb74bcb3f7f4c9854401acb9a9b4aeda1956cac5fda3a0baa219dbbec2acc793d129f02367b47ba655ac7bdfd9eed0319c5afe67775c8dafbd7792af5d
- SSDEEP
  
  192:bl8ar7TJjaROkOEGELOGHcR3TInOibY+5fbw3uz3GuyvPZxQTGqap:bl70JGMFnOibJVcQ3Kn0TrY
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2