25bad7c684eb2d245f067e6ad6b01f08b5768d8e918a4b0c7f6c30876c13f46c | Triage

Sharing

General

Target

89a9bff32c83d26c44c7d5f0f2fc5a73_JaffaCakes118
Size

15KB
Sample

240811-j9xz3asblk
MD5

89a9bff32c83d26c44c7d5f0f2fc5a73
SHA1

a58b27efe78372e0c8801b2b4e4f3a1a7d314d8f
SHA256

25bad7c684eb2d245f067e6ad6b01f08b5768d8e918a4b0c7f6c30876c13f46c
SHA512

2972fc496e79478860cecfdac7c715ec0b22d550f09889ecb3e8f7a4963179cebad5388d23c5795b569953b5d9a72dd6b222dbdad4d3ae2ccf04135d50f81f84
SSDEEP

192:tGYfzY6BlZHD0lSFx1hy8N+dlqf/chDaEVoArrfq6KVjHzG9KXtyQMxInEYrV:QeY6BlZ4o1r+MchDaEVo6ryVjye7v

Score

8^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  89a9bff32c83d26c44c7d5f0f2fc5a73_JaffaCakes118
- Size
  
  15KB
- MD5
  
  89a9bff32c83d26c44c7d5f0f2fc5a73
- SHA1
  
  a58b27efe78372e0c8801b2b4e4f3a1a7d314d8f
- SHA256
  
  25bad7c684eb2d245f067e6ad6b01f08b5768d8e918a4b0c7f6c30876c13f46c
- SHA512
  
  2972fc496e79478860cecfdac7c715ec0b22d550f09889ecb3e8f7a4963179cebad5388d23c5795b569953b5d9a72dd6b222dbdad4d3ae2ccf04135d50f81f84
- SSDEEP
  
  192:tGYfzY6BlZHD0lSFx1hy8N+dlqf/chDaEVoArrfq6KVjHzG9KXtyQMxInEYrV:QeY6BlZ4o1r+MchDaEVo6ryVjye7v
Score

8^/10

discovery persistence upx
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

discoverypersistenceupx