ae2d1670fa5ec3ee20b2a763b884105c2b240d337a02e4f66690e334a4278fe4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a95772aad70ed9b9e0538f23808e6705_JaffaCakes118
Size

70KB
Sample

240819-dmnj8a1cme
MD5

a95772aad70ed9b9e0538f23808e6705
SHA1

28dcdd12a9d71a40ad79d4c6edb79f88f9bf6ee7
SHA256

ae2d1670fa5ec3ee20b2a763b884105c2b240d337a02e4f66690e334a4278fe4
SHA512

e1ba1e896b3d828eed358e120e2e75eb9b07e1faa850c0f90c1ab5694f5b1e37b154d8f8e30f1a8cc4cea9f169b96afc6e6a503aea537b23ab196a0c7f28076c
SSDEEP

1536:d0Ca9efJ9mQe3kHJjLIrnW0bFbEFcEA3soPgXuUWJpCfF3Q1ELuX:dJa9GHewGa62FM/4XuUWjC6

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a95772aad70ed9b9e0538f23808e6705_JaffaCakes118
- Size
  
  70KB
- MD5
  
  a95772aad70ed9b9e0538f23808e6705
- SHA1
  
  28dcdd12a9d71a40ad79d4c6edb79f88f9bf6ee7
- SHA256
  
  ae2d1670fa5ec3ee20b2a763b884105c2b240d337a02e4f66690e334a4278fe4
- SHA512
  
  e1ba1e896b3d828eed358e120e2e75eb9b07e1faa850c0f90c1ab5694f5b1e37b154d8f8e30f1a8cc4cea9f169b96afc6e6a503aea537b23ab196a0c7f28076c
- SSDEEP
  
  1536:d0Ca9efJ9mQe3kHJjLIrnW0bFbEFcEA3soPgXuUWJpCfF3Q1ELuX:dJa9GHewGa62FM/4XuUWjC6
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence