Overview

overview

10

Static

static

3

a00b3b460c...18.exe

windows7-x64

10

a00b3b460c...18.exe

windows10-2004-x64

5

Sharing

Copy URL Twitter E-mail

General

  • Target

    a00b3b460cd7c37b8690daa779a29373_JaffaCakes118

  • Size

    78KB

  • Sample

    240816-1kc22asdmr

  • MD5

    a00b3b460cd7c37b8690daa779a29373

  • SHA1

    de5d375adbcce6952e7b083efc3a0d076209afe0

  • SHA256

    6a46b2d397c4e896402a23d59eaff7120b8443bc11187519276da8c8f4f7518d

  • SHA512

    0cc6c0bfb9e50584b2655694b415817cd9721430266c74711f4fc62e3a0b088caab8941f85587a8b5796d26536f3ead396f1923b911eab82e6255668f62f8d67

  • SSDEEP

    768:i0hOR598fJGo7AgBHgyTrRZpHWdxV/4Q/p2iLPFVR4NJ+xblRXlG//hOp3b6S0RF:isLfJb8OflHWdLwQ/phLlBlOhOlYFSd

Score
10/10
discoveryevasionexecutionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      a00b3b460cd7c37b8690daa779a29373_JaffaCakes118

    • Size

      78KB

    • MD5

      a00b3b460cd7c37b8690daa779a29373

    • SHA1

      de5d375adbcce6952e7b083efc3a0d076209afe0

    • SHA256

      6a46b2d397c4e896402a23d59eaff7120b8443bc11187519276da8c8f4f7518d

    • SHA512

      0cc6c0bfb9e50584b2655694b415817cd9721430266c74711f4fc62e3a0b088caab8941f85587a8b5796d26536f3ead396f1923b911eab82e6255668f62f8d67

    • SSDEEP

      768:i0hOR598fJGo7AgBHgyTrRZpHWdxV/4Q/p2iLPFVR4NJ+xblRXlG//hOp3b6S0RF:isLfJb8OflHWdLwQ/phLlBlOhOlYFSd

    Score
    10/10
    discoveryevasionexecutionpersistenceprivilege_escalation

    • Disables service(s)

      evasionexecution

    • Modifies firewall policy service

      evasion

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify System Firewall

2
T1562.004

Modify Registry

3
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks