000feea80cff83f880f9cd1a825c509d0f28a9b60a6165bee6dd903fc791e930 | Triage

Sharing

General

Target

abeae4a8b149f95dd69ec6c62c284bf7_JaffaCakes118
Size

488KB
Sample

240819-v2zz8sxajg
MD5

abeae4a8b149f95dd69ec6c62c284bf7
SHA1

0557ff5ab49a4b350dc1126b5c07ae0a99d459e5
SHA256

000feea80cff83f880f9cd1a825c509d0f28a9b60a6165bee6dd903fc791e930
SHA512

04c86270c37a2498a046176625e7cb5282ab4e8550c5d67d152fda57efa270cde8df0f6cf194b62080eaf16fa0cfce470d2275f51576b4027165e9d012de45cb
SSDEEP

12288:FB/zLMgXG/CTJFv9APm2+++9Xw7MvedPNpQHSV8:b/8gWwSPm2LqtGlQy+

Score

9^/10

defense_evasion discovery evasion persistence ransomware

Malware Config

Targets

- Target
  
  abeae4a8b149f95dd69ec6c62c284bf7_JaffaCakes118
- Size
  
  488KB
- MD5
  
  abeae4a8b149f95dd69ec6c62c284bf7
- SHA1
  
  0557ff5ab49a4b350dc1126b5c07ae0a99d459e5
- SHA256
  
  000feea80cff83f880f9cd1a825c509d0f28a9b60a6165bee6dd903fc791e930
- SHA512
  
  04c86270c37a2498a046176625e7cb5282ab4e8550c5d67d152fda57efa270cde8df0f6cf194b62080eaf16fa0cfce470d2275f51576b4027165e9d012de45cb
- SSDEEP
  
  12288:FB/zLMgXG/CTJFv9APm2+++9Xw7MvedPNpQHSV8:b/8gWwSPm2LqtGlQy+
Score

9^/10

defense_evasion discovery evasion persistence ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Drops file in Drivers directory
- Enables test signing to bypass driver trust controls
  Allows any signed driver to load without validation against a trusted certificate authority.
  defense_evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Code Signing Policy Modification

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistenceransomware

behavioral2