1b809e273c3007fa38b2aa1a5c1883bbc2cb26061ef12c1294e254cd54291f65 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0f5e34d9bbd6e6382bfdb669fe97a75_JaffaCakes118
Size

338KB
Sample

240817-dhv4haxamr
MD5

a0f5e34d9bbd6e6382bfdb669fe97a75
SHA1

03e61019d529414ed98a4ea810acdd1baa589cbf
SHA256

1b809e273c3007fa38b2aa1a5c1883bbc2cb26061ef12c1294e254cd54291f65
SHA512

d672f991d31074326b1e02fc657c8e22fef896fd9dd6e9b055c7ac43211244e2a247d24b1b8a0ec8e20d15533f7c19d7c1155fd32eadc837c35df0d787c2f0ae
SSDEEP

6144:8K8lXS4por1HzGE0ihKmBxAqmhC9WObfYNR3J5z7JJWD/ceOhfrZvpW:8K8lXS4por1HzGE0iMmB+qEC9FYn3J5z

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  a0f5e34d9bbd6e6382bfdb669fe97a75_JaffaCakes118
- Size
  
  338KB
- MD5
  
  a0f5e34d9bbd6e6382bfdb669fe97a75
- SHA1
  
  03e61019d529414ed98a4ea810acdd1baa589cbf
- SHA256
  
  1b809e273c3007fa38b2aa1a5c1883bbc2cb26061ef12c1294e254cd54291f65
- SHA512
  
  d672f991d31074326b1e02fc657c8e22fef896fd9dd6e9b055c7ac43211244e2a247d24b1b8a0ec8e20d15533f7c19d7c1155fd32eadc837c35df0d787c2f0ae
- SSDEEP
  
  6144:8K8lXS4por1HzGE0ihKmBxAqmhC9WObfYNR3J5z7JJWD/ceOhfrZvpW:8K8lXS4por1HzGE0iMmB+qEC9FYn3J5z
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence