b4f8e59f8da17344318d3c8ece75e6b8aae89869bd9fdccffa168db0887f6c5e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83721eab206edc6c3c5af7acb5d12630_JaffaCakes118
Size

26KB
Sample

240802-hqdawasblp
MD5

83721eab206edc6c3c5af7acb5d12630
SHA1

d866ce82796043358c30555a09b6d6f356bf3587
SHA256

b4f8e59f8da17344318d3c8ece75e6b8aae89869bd9fdccffa168db0887f6c5e
SHA512

771c12779b5654e6ddc8ed55f55dcea414356cf6280ab0bcf74775059e4f7bbe543993f0b723fde290502fc475a2daf386d9fe49a7dfd946dc04b21a8c8fb0a1
SSDEEP

768:36Wvg5qzMcQsmq1Ep9LfGPwoB+J9hDyrFQ:qWoIzyuDPTB49GQ

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  83721eab206edc6c3c5af7acb5d12630_JaffaCakes118
- Size
  
  26KB
- MD5
  
  83721eab206edc6c3c5af7acb5d12630
- SHA1
  
  d866ce82796043358c30555a09b6d6f356bf3587
- SHA256
  
  b4f8e59f8da17344318d3c8ece75e6b8aae89869bd9fdccffa168db0887f6c5e
- SHA512
  
  771c12779b5654e6ddc8ed55f55dcea414356cf6280ab0bcf74775059e4f7bbe543993f0b723fde290502fc475a2daf386d9fe49a7dfd946dc04b21a8c8fb0a1
- SSDEEP
  
  768:36Wvg5qzMcQsmq1Ep9LfGPwoB+J9hDyrFQ:qWoIzyuDPTB49GQ
Score

8^/10

discovery evasion persistence privilege_escalation
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistenceprivilege_escalation