499b29009c1d651da0c19d1a5cebd86b7a78a31df88d631f6bc3ce76d9726b3f | Triage

Sharing

General

Target

3a7626d876f888a56546cb561740451d_JaffaCakes118
Size

68KB
Sample

240711-x919datcja
MD5

3a7626d876f888a56546cb561740451d
SHA1

97b9f61c482b66460e720fe918df747407babbe0
SHA256

499b29009c1d651da0c19d1a5cebd86b7a78a31df88d631f6bc3ce76d9726b3f
SHA512

c236bf5f4442cc3249f0cd455c01626bb062d2b1e4657a89ce7f5c13103d741e1fb14af827a7e67adce01bed3c1e9a3f9fff74ee625e866fa377c969479f575e
SSDEEP

768:pcbHcXd06GobGyYhvzhc51bmk1IZf+j7PI77jPUpjL26YQxZNJwRLut:YHcXdwhc51bmkGMASL26YQBKut

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3a7626d876f888a56546cb561740451d_JaffaCakes118
- Size
  
  68KB
- MD5
  
  3a7626d876f888a56546cb561740451d
- SHA1
  
  97b9f61c482b66460e720fe918df747407babbe0
- SHA256
  
  499b29009c1d651da0c19d1a5cebd86b7a78a31df88d631f6bc3ce76d9726b3f
- SHA512
  
  c236bf5f4442cc3249f0cd455c01626bb062d2b1e4657a89ce7f5c13103d741e1fb14af827a7e67adce01bed3c1e9a3f9fff74ee625e866fa377c969479f575e
- SSDEEP
  
  768:pcbHcXd06GobGyYhvzhc51bmk1IZf+j7PI77jPUpjL26YQxZNJwRLut:YHcXdwhc51bmkGMASL26YQBKut
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2