0481fdf58dd0b10d791d1c9e0813c66907dc07f5ce0257508bad7e2bd36d8273 | Triage

Sharing

General

Target

432d550faf4b1d7e70e728cd7d5a9300_JaffaCakes118
Size

129KB
Sample

240713-yzfqcsvhnl
MD5

432d550faf4b1d7e70e728cd7d5a9300
SHA1

5eb6b15d5908ef1b0e9d99cf8153abba710a99e1
SHA256

0481fdf58dd0b10d791d1c9e0813c66907dc07f5ce0257508bad7e2bd36d8273
SHA512

44f2d2d99daca02b5d6e74580fed863fa1a7e5019c502273ca9568757cc72e87ac911ace8df0707fcee3d4cc44397fdb6f74ff86bbcad9ca0a91a1586a56872e
SSDEEP

3072:2sgJKSs1RmJsduTgkafc+FCncd/jP0QeTbl0LbKKpLLgxYR3OL5PFn0wcccccccc:8gRz6+v+r0qK1+k30PFn0wcccccccc

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  432d550faf4b1d7e70e728cd7d5a9300_JaffaCakes118
- Size
  
  129KB
- MD5
  
  432d550faf4b1d7e70e728cd7d5a9300
- SHA1
  
  5eb6b15d5908ef1b0e9d99cf8153abba710a99e1
- SHA256
  
  0481fdf58dd0b10d791d1c9e0813c66907dc07f5ce0257508bad7e2bd36d8273
- SHA512
  
  44f2d2d99daca02b5d6e74580fed863fa1a7e5019c502273ca9568757cc72e87ac911ace8df0707fcee3d4cc44397fdb6f74ff86bbcad9ca0a91a1586a56872e
- SSDEEP
  
  3072:2sgJKSs1RmJsduTgkafc+FCncd/jP0QeTbl0LbKKpLLgxYR3OL5PFn0wcccccccc:8gRz6+v+r0qK1+k30PFn0wcccccccc
Score

8^/10

persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2