General
-
Target
af387b3ebd669ff3d9200cf26f854f5e_JaffaCakes118
-
Size
76KB
-
Sample
240820-pnjhfavhmq
-
MD5
af387b3ebd669ff3d9200cf26f854f5e
-
SHA1
674122f1b88b65cbd01b88560420d6fbacfd70c3
-
SHA256
925759244bcb21f629eee0c19200b7ec6814dc5935f0ce98c6cd9e3075132c26
-
SHA512
c63fa378c0f0715dd43980795a4c46cdd3fab9b26ef8a184019fe1834aa64baa4d67c2527e6d1cd58992cdb35afe985438e7a3f98e0d7bf36eaaf92e8ca91fc0
-
SSDEEP
1536:ufq44Q2etZbfbOGK4W6EjIMuAZGKkx1nLCDlbua6TaX91UUFlJKB:Nf4ZbzOGUjIM3ZGhnLC9oarTwB
Malware Config
Targets
-
-
Target
af387b3ebd669ff3d9200cf26f854f5e_JaffaCakes118
-
Size
76KB
-
MD5
af387b3ebd669ff3d9200cf26f854f5e
-
SHA1
674122f1b88b65cbd01b88560420d6fbacfd70c3
-
SHA256
925759244bcb21f629eee0c19200b7ec6814dc5935f0ce98c6cd9e3075132c26
-
SHA512
c63fa378c0f0715dd43980795a4c46cdd3fab9b26ef8a184019fe1834aa64baa4d67c2527e6d1cd58992cdb35afe985438e7a3f98e0d7bf36eaaf92e8ca91fc0
-
SSDEEP
1536:ufq44Q2etZbfbOGK4W6EjIMuAZGKkx1nLCDlbua6TaX91UUFlJKB:Nf4ZbzOGUjIM3ZGhnLC9oarTwB
Score10/10-
Modifies security service
-
Modifies visiblity of hidden/system files in Explorer
-
Event Triggered Execution: Image File Execution Options Injection
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
1File Deletion
1Modify Registry
3