664e5da27778f359252a16dd945f28b19d6c77aaecb2a360414f3d9e5fdd761f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

435358d2b47cfed02e4abb2b3adb75aa_JaffaCakes118
Size

128KB
Sample

240713-zt6v2axblk
MD5

435358d2b47cfed02e4abb2b3adb75aa
SHA1

ff17d06766836171bab0c155716acc2cab7abf52
SHA256

664e5da27778f359252a16dd945f28b19d6c77aaecb2a360414f3d9e5fdd761f
SHA512

2f74170cdd02c497b016b026e5273f9cf89ef09f3d0e538d6cefeac83fe05805d70e2bd8e24bfb4b0bcb046dff63e58e158f43bb475febfc207b948051669242
SSDEEP

3072:IY1mAEmTj/J1Np9NKPw6bFy9iHagtXZCwf2U3OL5PFn0wcccccccc:IY1mdWNpP+I0H3lz2U30PFn0wccccccz

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  435358d2b47cfed02e4abb2b3adb75aa_JaffaCakes118
- Size
  
  128KB
- MD5
  
  435358d2b47cfed02e4abb2b3adb75aa
- SHA1
  
  ff17d06766836171bab0c155716acc2cab7abf52
- SHA256
  
  664e5da27778f359252a16dd945f28b19d6c77aaecb2a360414f3d9e5fdd761f
- SHA512
  
  2f74170cdd02c497b016b026e5273f9cf89ef09f3d0e538d6cefeac83fe05805d70e2bd8e24bfb4b0bcb046dff63e58e158f43bb475febfc207b948051669242
- SSDEEP
  
  3072:IY1mAEmTj/J1Np9NKPw6bFy9iHagtXZCwf2U3OL5PFn0wcccccccc:IY1mdWNpP+I0H3lz2U30PFn0wccccccz
Score

8^/10

persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2