706472cbbdef4466daeb26f516ae07c24579394e039766f93bf7ab1bfe116e08 | Triage

Sharing

General

Target

72f5de21bef8e2caaf636074c3e72720_JaffaCakes118
Size

252KB
Sample

240726-heb9fasaqp
MD5

72f5de21bef8e2caaf636074c3e72720
SHA1

bae0d8fb563355fbdc818f9d0f789ee10219e584
SHA256

706472cbbdef4466daeb26f516ae07c24579394e039766f93bf7ab1bfe116e08
SHA512

78045460e5d537d600f937fde73f9685578cf0dd087a86cf61127f19e24737b6054226d162e4eeb54eaa6fd23956c40ad2042de98bf71ac56b360d0be3c9d75e
SSDEEP

6144:LW57hEh0jrC9DzzsDeEssXPBQA6Onn42VW0dkm4o:L47scokPPBQnOn4j0km4o

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  72f5de21bef8e2caaf636074c3e72720_JaffaCakes118
- Size
  
  252KB
- MD5
  
  72f5de21bef8e2caaf636074c3e72720
- SHA1
  
  bae0d8fb563355fbdc818f9d0f789ee10219e584
- SHA256
  
  706472cbbdef4466daeb26f516ae07c24579394e039766f93bf7ab1bfe116e08
- SHA512
  
  78045460e5d537d600f937fde73f9685578cf0dd087a86cf61127f19e24737b6054226d162e4eeb54eaa6fd23956c40ad2042de98bf71ac56b360d0be3c9d75e
- SSDEEP
  
  6144:LW57hEh0jrC9DzzsDeEssXPBQA6Onn42VW0dkm4o:L47scokPPBQnOn4j0km4o
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence