c4072f086669f10c4fc4b0175b2ba0519deb30b53af5f703f54a5f8b72b82750 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae0ca7ec8aec65bd884288952f9fd39a_JaffaCakes118
Size

46KB
Sample

240820-ga948szbkq
MD5

ae0ca7ec8aec65bd884288952f9fd39a
SHA1

ca3edcbbc75b2cd89a9d115eabf91a5b03fe2dd6
SHA256

c4072f086669f10c4fc4b0175b2ba0519deb30b53af5f703f54a5f8b72b82750
SHA512

8cdc7ee89990490c0d8a4ebdfd41edfe95aaf12a63c030e341b41c74d3f929d5ceb361832b454d91811376818808cfcac1f0857d811252e81829f19418cc0113
SSDEEP

768:OH3oqwl6s36qvfyMANYvESgZM2yOV/Ujgr7/bSyyT3ZuLZ43a0yihu6BvHWgyvly:U+lN3ryMM1ZBVvmyy7qy37BHv2fv1xXg

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  ae0ca7ec8aec65bd884288952f9fd39a_JaffaCakes118
- Size
  
  46KB
- MD5
  
  ae0ca7ec8aec65bd884288952f9fd39a
- SHA1
  
  ca3edcbbc75b2cd89a9d115eabf91a5b03fe2dd6
- SHA256
  
  c4072f086669f10c4fc4b0175b2ba0519deb30b53af5f703f54a5f8b72b82750
- SHA512
  
  8cdc7ee89990490c0d8a4ebdfd41edfe95aaf12a63c030e341b41c74d3f929d5ceb361832b454d91811376818808cfcac1f0857d811252e81829f19418cc0113
- SSDEEP
  
  768:OH3oqwl6s36qvfyMANYvESgZM2yOV/Ujgr7/bSyyT3ZuLZ43a0yihu6BvHWgyvly:U+lN3ryMM1ZBVvmyy7qy37BHv2fv1xXg
Score

8^/10

discovery persistence
- Sets service image path in registry
  persistence
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence