ed07a209026e6ae33832e8873824dc9f1cbf06f2b7698255a0df7ee3ee356151 | Triage

Sharing

General

Target

4a1ccbaad9869a37a032fd2aa03be4a9_JaffaCakes118
Size

606KB
Sample

240715-r3qleaycpa
MD5

4a1ccbaad9869a37a032fd2aa03be4a9
SHA1

4d61795023c9c7d4040f6e7091325868ce3bedf4
SHA256

ed07a209026e6ae33832e8873824dc9f1cbf06f2b7698255a0df7ee3ee356151
SHA512

6a6c4345e8b1b324c8abec12ee91d48a32552cdfe7ef888c4f5feef88d22931e81db550ff49ad418a273b553881c0041d8a8a23812efeeedf74432300456006b
SSDEEP

12288:bdEK5HO2efzbp+o/txfaWF3Z4mxxp+43xU4Ak8hTbBUWfTc:bdEnLbn1vQmXt3x7l8ZVPc

Score

7^/10

defense_evasion persistence

Malware Config

Targets

- Target
  
  4a1ccbaad9869a37a032fd2aa03be4a9_JaffaCakes118
- Size
  
  606KB
- MD5
  
  4a1ccbaad9869a37a032fd2aa03be4a9
- SHA1
  
  4d61795023c9c7d4040f6e7091325868ce3bedf4
- SHA256
  
  ed07a209026e6ae33832e8873824dc9f1cbf06f2b7698255a0df7ee3ee356151
- SHA512
  
  6a6c4345e8b1b324c8abec12ee91d48a32552cdfe7ef888c4f5feef88d22931e81db550ff49ad418a273b553881c0041d8a8a23812efeeedf74432300456006b
- SSDEEP
  
  12288:bdEK5HO2efzbp+o/txfaWF3Z4mxxp+43xU4Ak8hTbBUWfTc:bdEnLbn1vQmXt3x7l8ZVPc
Score

7^/10

defense_evasion persistence
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionpersistence

behavioral2

defense_evasionpersistence