a69ed914e22d0c456dc682c5ac6c0ab1efc8f32cec03789af56d406f2ee8d02a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ab3057eb883ca57b27c074362b6c35b_JaffaCakes118
Size

532KB
Sample

240724-h13cratfrl
MD5

6ab3057eb883ca57b27c074362b6c35b
SHA1

75122422f557a20171b8955d1b118149a5b04b95
SHA256

a69ed914e22d0c456dc682c5ac6c0ab1efc8f32cec03789af56d406f2ee8d02a
SHA512

98be79d1756696c29b4f3651ef8f1a95ae0edc0767881074ec2ecd1df3dd14d80c001115f9bf700edea8dc52a893a59495ab11e86b306bde22aabc749aee12e5
SSDEEP

12288:X++cdJTEkUKe2qB1RF1qiOmD80t6IIDmWJxwucXGFTd:XMNEChcx1qi9D80tXICrucSTd

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  6ab3057eb883ca57b27c074362b6c35b_JaffaCakes118
- Size
  
  532KB
- MD5
  
  6ab3057eb883ca57b27c074362b6c35b
- SHA1
  
  75122422f557a20171b8955d1b118149a5b04b95
- SHA256
  
  a69ed914e22d0c456dc682c5ac6c0ab1efc8f32cec03789af56d406f2ee8d02a
- SHA512
  
  98be79d1756696c29b4f3651ef8f1a95ae0edc0767881074ec2ecd1df3dd14d80c001115f9bf700edea8dc52a893a59495ab11e86b306bde22aabc749aee12e5
- SSDEEP
  
  12288:X++cdJTEkUKe2qB1RF1qiOmD80t6IIDmWJxwucXGFTd:XMNEChcx1qi9D80tXICrucSTd
Score

8^/10

discovery evasion persistence privilege_escalation
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2