Overview

overview

10

Static

static

3

7418ac8d9c...18.exe

windows7-x64

10

7418ac8d9c...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    7418ac8d9c17eafd9d8a23530a548a11_JaffaCakes118

  • Size

    31KB

  • Sample

    240726-pwkqgayarn

  • MD5

    7418ac8d9c17eafd9d8a23530a548a11

  • SHA1

    2f8bb96c0cdbda9c6af8ad6bd5e1c72c2a5d3902

  • SHA256

    e7bfb97997c6e9afbd11c0be8cf7bae3d6285239ec1b9d3a8aea2e8ef59a2f0a

  • SHA512

    f56c9c17f7218cc419bd21e9f8989aa6a54cadfedaf5f22fe15b510965e088fc601a6284eed835db4a860e6529f1542c586d60ee8c7c04e40e33577005207224

  • SSDEEP

    768:hrdh4gRPdt3QW2Fx1Zk+7j0ynwnbcuyD7UZug:hrdl2n1KIxwnouy8cg

Score
10/10
discoveryevasionexecutionpersistencetrojan

Malware Config

Targets

    • Target

      7418ac8d9c17eafd9d8a23530a548a11_JaffaCakes118

    • Size

      31KB

    • MD5

      7418ac8d9c17eafd9d8a23530a548a11

    • SHA1

      2f8bb96c0cdbda9c6af8ad6bd5e1c72c2a5d3902

    • SHA256

      e7bfb97997c6e9afbd11c0be8cf7bae3d6285239ec1b9d3a8aea2e8ef59a2f0a

    • SHA512

      f56c9c17f7218cc419bd21e9f8989aa6a54cadfedaf5f22fe15b510965e088fc601a6284eed835db4a860e6529f1542c586d60ee8c7c04e40e33577005207224

    • SSDEEP

      768:hrdh4gRPdt3QW2Fx1Zk+7j0ynwnbcuyD7UZug:hrdl2n1KIxwnouy8cg

    Score
    10/10
    discoveryevasionexecutionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Stops running service(s)

      evasionexecution

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

2
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

3
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks