f43c4eefebf39d939867c2a169392a2cafb527a34d229efda43ffb9df9dac414 | Triage

Sharing

General

Target

96cf377e3562f3f89a292c75acbe1adb_JaffaCakes118
Size

32KB
Sample

240814-t1xm2ssamf
MD5

96cf377e3562f3f89a292c75acbe1adb
SHA1

aa889d56c9c0d732630314343b1800975fe053ed
SHA256

f43c4eefebf39d939867c2a169392a2cafb527a34d229efda43ffb9df9dac414
SHA512

47040b9998ac4e7cbad15ab43dc54adbcb5fe2462295883b074722948fff8b64254f8845bbc3a64e2e11d80cbff6164a3a5c7fd995d962cfcbec5ca34bc80dba
SSDEEP

384:zh5L+G5jZfOWlZHrLZOKAyq4L9AnIRJUwZhNiPy87o+G9O18J7h2:zhV+GxbZOXk9HcqNo8B

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  96cf377e3562f3f89a292c75acbe1adb_JaffaCakes118
- Size
  
  32KB
- MD5
  
  96cf377e3562f3f89a292c75acbe1adb
- SHA1
  
  aa889d56c9c0d732630314343b1800975fe053ed
- SHA256
  
  f43c4eefebf39d939867c2a169392a2cafb527a34d229efda43ffb9df9dac414
- SHA512
  
  47040b9998ac4e7cbad15ab43dc54adbcb5fe2462295883b074722948fff8b64254f8845bbc3a64e2e11d80cbff6164a3a5c7fd995d962cfcbec5ca34bc80dba
- SSDEEP
  
  384:zh5L+G5jZfOWlZHrLZOKAyq4L9AnIRJUwZhNiPy87o+G9O18J7h2:zhV+GxbZOXk9HcqNo8B
Score

10^/10

discovery evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence