70888da1e4742ba9c39375af1a929736f519e4b7d85ffe5595404f067dcea399 | Triage

Sharing

General

Target

4be8ed86e17763d30115400b9bfdb325_JaffaCakes118
Size

298KB
Sample

240715-3n584axfma
MD5

4be8ed86e17763d30115400b9bfdb325
SHA1

e838fb964812f7185a0d4d11373f63cc55b98e05
SHA256

70888da1e4742ba9c39375af1a929736f519e4b7d85ffe5595404f067dcea399
SHA512

da69abf8d9412a1b6c8367c5e6e7fe9fe7edf86439996c9f6cf049d6f0d9a239ab6ea95e305d9ef5c95a70240ee2af2945d992c2a2a4ab12cf8955cbdcb71ceb
SSDEEP

6144:yRHUlXZmcUtyKNVwWJcsf3r1qfw9EYjOUt6f8H0p1SpaFqed:ZmcUtHbcsPpCw+LUkqA1D

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  4be8ed86e17763d30115400b9bfdb325_JaffaCakes118
- Size
  
  298KB
- MD5
  
  4be8ed86e17763d30115400b9bfdb325
- SHA1
  
  e838fb964812f7185a0d4d11373f63cc55b98e05
- SHA256
  
  70888da1e4742ba9c39375af1a929736f519e4b7d85ffe5595404f067dcea399
- SHA512
  
  da69abf8d9412a1b6c8367c5e6e7fe9fe7edf86439996c9f6cf049d6f0d9a239ab6ea95e305d9ef5c95a70240ee2af2945d992c2a2a4ab12cf8955cbdcb71ceb
- SSDEEP
  
  6144:yRHUlXZmcUtyKNVwWJcsf3r1qfw9EYjOUt6f8H0p1SpaFqed:ZmcUtHbcsPpCw+LUkqA1D
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2