af6dc9e474e8cef95cf52e8861bead520342e3f314f1679f9466172f6d37bc67 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6a10b92dd93f16d3e7bcf4d6f18f24a_JaffaCakes118
Size

172KB
Sample

240818-nrrsjssbma
MD5

a6a10b92dd93f16d3e7bcf4d6f18f24a
SHA1

06d1e89283f037f857e6c75d7d96cbb72b5fb7a0
SHA256

af6dc9e474e8cef95cf52e8861bead520342e3f314f1679f9466172f6d37bc67
SHA512

24d959582f997613f5624ee4bfae6b0b82ba9819d186c908e5bbb9f64162f9362f8c688a364af866bd26bb26e2705122ad6092176de9e98ce3f907a5a52d01f0
SSDEEP

3072:fjEK7MTgoWmELfKgTOePQ8G6NgkGmn110/hFQZGGZLtThrupT25vOuTo:fjEcqNWbfTPQ8G61rOK6

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a6a10b92dd93f16d3e7bcf4d6f18f24a_JaffaCakes118
- Size
  
  172KB
- MD5
  
  a6a10b92dd93f16d3e7bcf4d6f18f24a
- SHA1
  
  06d1e89283f037f857e6c75d7d96cbb72b5fb7a0
- SHA256
  
  af6dc9e474e8cef95cf52e8861bead520342e3f314f1679f9466172f6d37bc67
- SHA512
  
  24d959582f997613f5624ee4bfae6b0b82ba9819d186c908e5bbb9f64162f9362f8c688a364af866bd26bb26e2705122ad6092176de9e98ce3f907a5a52d01f0
- SSDEEP
  
  3072:fjEK7MTgoWmELfKgTOePQ8G6NgkGmn110/hFQZGGZLtThrupT25vOuTo:fjEcqNWbfTPQ8G61rOK6
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence