71579f4eb98c1a251baa0cecef146efd401e68a224952460c8911fb5a09ccc99 | Triage

Sharing

General

Target

ad2e2ac62f90ba59c809797a89cf246e_JaffaCakes118
Size

148KB
Sample

240820-am4pnaxfpp
MD5

ad2e2ac62f90ba59c809797a89cf246e
SHA1

d164999aecf5a8c08857b4395582477f0610bd1b
SHA256

71579f4eb98c1a251baa0cecef146efd401e68a224952460c8911fb5a09ccc99
SHA512

676cd70200f55c40fd37a73cd1902186cfe1abc8e8c3e3c5d1625664548e0a0fd242c2842ebe7cf90a8c4fb81753d39c95161f78f866f32d507f325eac201085
SSDEEP

3072:y/pr26YWNDfdJN6goq9Dd2vD+o5eMGEEoI3LimuW:y/V2MlJsgoYdOD2vP

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  ad2e2ac62f90ba59c809797a89cf246e_JaffaCakes118
- Size
  
  148KB
- MD5
  
  ad2e2ac62f90ba59c809797a89cf246e
- SHA1
  
  d164999aecf5a8c08857b4395582477f0610bd1b
- SHA256
  
  71579f4eb98c1a251baa0cecef146efd401e68a224952460c8911fb5a09ccc99
- SHA512
  
  676cd70200f55c40fd37a73cd1902186cfe1abc8e8c3e3c5d1625664548e0a0fd242c2842ebe7cf90a8c4fb81753d39c95161f78f866f32d507f325eac201085
- SSDEEP
  
  3072:y/pr26YWNDfdJN6goq9Dd2vD+o5eMGEEoI3LimuW:y/V2MlJsgoYdOD2vP
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence