d4748f12d7aa32a1bb9bdb45195975690552614244092de9f8c371cfcb72ed38 | Triage

Sharing

General

Target

48c5ea4e813e1518d26f92632f52b75a_JaffaCakes118
Size

49KB
Sample

240715-h5ahjaxelf
MD5

48c5ea4e813e1518d26f92632f52b75a
SHA1

9ae4aa4d6449e5f0f30267a19efe7853a5997f04
SHA256

d4748f12d7aa32a1bb9bdb45195975690552614244092de9f8c371cfcb72ed38
SHA512

7b877b8a139f363b3faa1c03fa2e80954081a0a2480a0effcaa0a9c6b8426b9a3a18f1eb3b641a4a702b4845cd68b274280dd8e904efa51908759f72de9faaa5
SSDEEP

1536:vnEkah9FisULYtapaO4IWzLhhHRCRuT/IdYr:vEr1ULYWaOQL/H4Qzr

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  48c5ea4e813e1518d26f92632f52b75a_JaffaCakes118
- Size
  
  49KB
- MD5
  
  48c5ea4e813e1518d26f92632f52b75a
- SHA1
  
  9ae4aa4d6449e5f0f30267a19efe7853a5997f04
- SHA256
  
  d4748f12d7aa32a1bb9bdb45195975690552614244092de9f8c371cfcb72ed38
- SHA512
  
  7b877b8a139f363b3faa1c03fa2e80954081a0a2480a0effcaa0a9c6b8426b9a3a18f1eb3b641a4a702b4845cd68b274280dd8e904efa51908759f72de9faaa5
- SSDEEP
  
  1536:vnEkah9FisULYtapaO4IWzLhhHRCRuT/IdYr:vEr1ULYWaOQL/H4Qzr
Score

8^/10

persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2