902d67ddbbc33eee3e075ebe56a1545a7db5ba1f894047e202cf63e406f6730a | Triage

Sharing

General

Target

827245af6c3bbb06d8eaac18a8297d67_JaffaCakes118
Size

49KB
Sample

240802-bf5tta1dqf
MD5

827245af6c3bbb06d8eaac18a8297d67
SHA1

99c50e4ac76a005d4471ee71fc91c3c152455ba8
SHA256

902d67ddbbc33eee3e075ebe56a1545a7db5ba1f894047e202cf63e406f6730a
SHA512

b4e47af41f8b4c58bcad274da81821f2fa6236cfede750a394644c46e231be699ce62dd77e9bce2d01b66eed716f8156d9028fa46dce21f2b9741eec294a8cfd
SSDEEP

768:Tgzuq4QESHNzw1FiN0Aklddir9nCV9G5mXQAbKZkRO5Q9mrlptwyOZr8wSwAatK:yuq4QTHNVvk/dm4QYgp1OZrXSfOK

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  827245af6c3bbb06d8eaac18a8297d67_JaffaCakes118
- Size
  
  49KB
- MD5
  
  827245af6c3bbb06d8eaac18a8297d67
- SHA1
  
  99c50e4ac76a005d4471ee71fc91c3c152455ba8
- SHA256
  
  902d67ddbbc33eee3e075ebe56a1545a7db5ba1f894047e202cf63e406f6730a
- SHA512
  
  b4e47af41f8b4c58bcad274da81821f2fa6236cfede750a394644c46e231be699ce62dd77e9bce2d01b66eed716f8156d9028fa46dce21f2b9741eec294a8cfd
- SSDEEP
  
  768:Tgzuq4QESHNzw1FiN0Aklddir9nCV9G5mXQAbKZkRO5Q9mrlptwyOZr8wSwAatK:yuq4QTHNVvk/dm4QYgp1OZrXSfOK
Score

7^/10

discovery
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2