317cd7b284a8519b935c4c5bcbaa6c1e22441b52541e67a17ed6f117403d0324 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a7630ab8bb33394e813f5903b27ff8a_JaffaCakes118
Size

131KB
Sample

240711-x95lss1bqk
MD5

3a7630ab8bb33394e813f5903b27ff8a
SHA1

2fe3092d2daf584d47c3def5686283e273306391
SHA256

317cd7b284a8519b935c4c5bcbaa6c1e22441b52541e67a17ed6f117403d0324
SHA512

626e9f5693239dbbdd19bcb73a078efacd825f2e9ff2a3f439fa48f4dce4efeaa3eab1b2ef8e9906d6e4596b514164f3dab36e80ad01c29d08a52c4bb97c2a5e
SSDEEP

3072:1nj9jtfU+INndIc0JZtNbYC+BORCvKqEpaDnn2K0JRYKU:1jbei5zbYC+9hEenn2K0JSn

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3a7630ab8bb33394e813f5903b27ff8a_JaffaCakes118
- Size
  
  131KB
- MD5
  
  3a7630ab8bb33394e813f5903b27ff8a
- SHA1
  
  2fe3092d2daf584d47c3def5686283e273306391
- SHA256
  
  317cd7b284a8519b935c4c5bcbaa6c1e22441b52541e67a17ed6f117403d0324
- SHA512
  
  626e9f5693239dbbdd19bcb73a078efacd825f2e9ff2a3f439fa48f4dce4efeaa3eab1b2ef8e9906d6e4596b514164f3dab36e80ad01c29d08a52c4bb97c2a5e
- SSDEEP
  
  3072:1nj9jtfU+INndIc0JZtNbYC+BORCvKqEpaDnn2K0JRYKU:1jbei5zbYC+9hEenn2K0JSn
Score

7^/10

persistence
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Print Processors

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Print Processors

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2