2629031a606c814f5c617050e3a6ead2acd4cda6c952fc07177f73047accf665 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

373342b921e9ab50585723a9d5859614_JaffaCakes118
Size

22KB
Sample

240711-bwbwns1dqr
MD5

373342b921e9ab50585723a9d5859614
SHA1

fb6e06c038b18d86fc5ea598f6927fbba52d5696
SHA256

2629031a606c814f5c617050e3a6ead2acd4cda6c952fc07177f73047accf665
SHA512

9b98576730282d398b7f9095beb2dcdcfc3bf86272aa08ba977163313f42371b287af4d77650af0aee92d8a3e32768e324e81d39045493a2a883fc58485c4d1e
SSDEEP

384:ExlvaZkoVckkwmhzzg9wCqp2igWvvTowsFrDe5n/t0OQ2X9HY8H7ZAybevVirAev:EOZ+jggjsw/t0OH7qxvVirxF

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  373342b921e9ab50585723a9d5859614_JaffaCakes118
- Size
  
  22KB
- MD5
  
  373342b921e9ab50585723a9d5859614
- SHA1
  
  fb6e06c038b18d86fc5ea598f6927fbba52d5696
- SHA256
  
  2629031a606c814f5c617050e3a6ead2acd4cda6c952fc07177f73047accf665
- SHA512
  
  9b98576730282d398b7f9095beb2dcdcfc3bf86272aa08ba977163313f42371b287af4d77650af0aee92d8a3e32768e324e81d39045493a2a883fc58485c4d1e
- SSDEEP
  
  384:ExlvaZkoVckkwmhzzg9wCqp2igWvvTowsFrDe5n/t0OQ2X9HY8H7ZAybevVirAev:EOZ+jggjsw/t0OH7qxvVirxF
Score

10^/10

discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2