2018736eacc9d84fea20d31c2e5e1d1762103fcb9bc86c254c1415cb5b6eee14 | Triage

Sharing

General

Target

3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118
Size

124KB
Sample

240712-1dm9es1cpq
MD5

3ef580bb31a7a0ecd419e88de1df9a12
SHA1

451fef47679a39cc218facef5b50c75e8680ac9c
SHA256

2018736eacc9d84fea20d31c2e5e1d1762103fcb9bc86c254c1415cb5b6eee14
SHA512

11b856abc6722381afe41ae141dfcb66cca5bc8531c5bd01f26969757ad347e127b1e0853ed3110696dcf2487b1b329a84f724fa58c16598db535906cab48ee2
SSDEEP

3072:ILNVA/8MGsysgMXU6niwnyTfv/AZW7uPeEgyK+or:YM1GLsjijTfvIZWueHj

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  3ef580bb31a7a0ecd419e88de1df9a12_JaffaCakes118
- Size
  
  124KB
- MD5
  
  3ef580bb31a7a0ecd419e88de1df9a12
- SHA1
  
  451fef47679a39cc218facef5b50c75e8680ac9c
- SHA256
  
  2018736eacc9d84fea20d31c2e5e1d1762103fcb9bc86c254c1415cb5b6eee14
- SHA512
  
  11b856abc6722381afe41ae141dfcb66cca5bc8531c5bd01f26969757ad347e127b1e0853ed3110696dcf2487b1b329a84f724fa58c16598db535906cab48ee2
- SSDEEP
  
  3072:ILNVA/8MGsysgMXU6niwnyTfv/AZW7uPeEgyK+or:YM1GLsjijTfvIZWueHj
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2