70b4f96142dff1ee461be631ac40e1ded2b425dd1223d2e1d7f89f6513ca7372 | Triage

Sharing

General

Target

3de39d311293a9cdbef5e557b92ddf61_JaffaCakes118
Size

387KB
Sample

240712-sl2ssaygmp
MD5

3de39d311293a9cdbef5e557b92ddf61
SHA1

9bc9f526f22861325ef6aa558db2ef16ef6a9cbc
SHA256

70b4f96142dff1ee461be631ac40e1ded2b425dd1223d2e1d7f89f6513ca7372
SHA512

e5b79492f8dacc82acdfaeb753baefb8235ec9e067a080840f92abb874608ecc6421625768588b4cfbf997e9eefb0ee5f3a429da3db7c84ccf002ecb25da3227
SSDEEP

6144:I9TMlSVMM9TOEvtruUnIKvS+eWjpMSRjiQgSsDlS+jlS:IhnHhBt6UnIceEs

Score

7^/10

Malware Config

Targets

- Target
  
  3de39d311293a9cdbef5e557b92ddf61_JaffaCakes118
- Size
  
  387KB
- MD5
  
  3de39d311293a9cdbef5e557b92ddf61
- SHA1
  
  9bc9f526f22861325ef6aa558db2ef16ef6a9cbc
- SHA256
  
  70b4f96142dff1ee461be631ac40e1ded2b425dd1223d2e1d7f89f6513ca7372
- SHA512
  
  e5b79492f8dacc82acdfaeb753baefb8235ec9e067a080840f92abb874608ecc6421625768588b4cfbf997e9eefb0ee5f3a429da3db7c84ccf002ecb25da3227
- SSDEEP
  
  6144:I9TMlSVMM9TOEvtruUnIKvS+eWjpMSRjiQgSsDlS+jlS:IhnHhBt6UnIceEs
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2