e0cdcd73e96fece8934d3c397ecbcacf3c272407b6ad3a71ff5023883e9a29b2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7904303cb212c648c283b26660fc36f1_JaffaCakes118
Size

312KB
Sample

240727-wc6xxs1crn
MD5

7904303cb212c648c283b26660fc36f1
SHA1

655dc2f8ef5db71246b45db18bdc86c648162664
SHA256

e0cdcd73e96fece8934d3c397ecbcacf3c272407b6ad3a71ff5023883e9a29b2
SHA512

269750d3c3d25ee2b67c776bdb918eebcc076aca3745001c7490e2d5d21d9d37dfebf2635c6af6822c7090b58a7d4f5f79606444b6c007a7d7f8ee8e5990b785
SSDEEP

6144:zqJI7kpugapmvm2fLgfs+VROEwo5dxgRIyG8gB:WO7cJpO6gkw5wemIy

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  7904303cb212c648c283b26660fc36f1_JaffaCakes118
- Size
  
  312KB
- MD5
  
  7904303cb212c648c283b26660fc36f1
- SHA1
  
  655dc2f8ef5db71246b45db18bdc86c648162664
- SHA256
  
  e0cdcd73e96fece8934d3c397ecbcacf3c272407b6ad3a71ff5023883e9a29b2
- SHA512
  
  269750d3c3d25ee2b67c776bdb918eebcc076aca3745001c7490e2d5d21d9d37dfebf2635c6af6822c7090b58a7d4f5f79606444b6c007a7d7f8ee8e5990b785
- SSDEEP
  
  6144:zqJI7kpugapmvm2fLgfs+VROEwo5dxgRIyG8gB:WO7cJpO6gkw5wemIy
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence