29485e0c9e37a279f8af705ce9b2d863d7e3926f2c1699bb0fa3568d5321963d | Triage

Sharing

General

Target

3d45815af210de32a4d9163af35401a6_JaffaCakes118
Size

26KB
Sample

240712-n2g14ascmr
MD5

3d45815af210de32a4d9163af35401a6
SHA1

75220793e60f8808d894cd6c6d19eaa3f91b42cd
SHA256

29485e0c9e37a279f8af705ce9b2d863d7e3926f2c1699bb0fa3568d5321963d
SHA512

bc8a91d39e8719b22e112ecdf2554bccf0ca723346ba4d8614b704544f35748adc60fbc0a1e6c17639613db23fb013088c6f639c8d14dbdf3f4fd3a89a3c3024
SSDEEP

384:eH8YCCrzjYCpvQ57Bk8u06IkHyt/OU6KxWCE8c6uE/wj:M8YHrz0Cu57q8uqkhkPfD//E

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  3d45815af210de32a4d9163af35401a6_JaffaCakes118
- Size
  
  26KB
- MD5
  
  3d45815af210de32a4d9163af35401a6
- SHA1
  
  75220793e60f8808d894cd6c6d19eaa3f91b42cd
- SHA256
  
  29485e0c9e37a279f8af705ce9b2d863d7e3926f2c1699bb0fa3568d5321963d
- SHA512
  
  bc8a91d39e8719b22e112ecdf2554bccf0ca723346ba4d8614b704544f35748adc60fbc0a1e6c17639613db23fb013088c6f639c8d14dbdf3f4fd3a89a3c3024
- SSDEEP
  
  384:eH8YCCrzjYCpvQ57Bk8u06IkHyt/OU6KxWCE8c6uE/wj:M8YHrz0Cu57q8uqkhkPfD//E
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2