General
-
Target
b0d827c1c2667f29f5e681e79e1af957_JaffaCakes118
-
Size
1.6MB
-
Sample
240820-zyvcsstbpf
-
MD5
b0d827c1c2667f29f5e681e79e1af957
-
SHA1
2cf305ed64726b1e82441d838aac5b86ee5610f4
-
SHA256
3f4be00553a7b4f1fdd25970ffbc0bea6297cd3a0a701831f73ccad18f310ba0
-
SHA512
754bab6052af877f002a00157e8a9f0964d6604346b9279821dfdb08eba935c1dcae07280fbde8876a7f8c21af54719d7fd0fe312378d38f390eac0a7586a88b
-
SSDEEP
49152:AxXlN9dk9qgDidqSwJnTkWwIz30sa/kbc1FrcT:AxXlR6Mdq/TYIz30z9u
Static task
static1
Behavioral task
behavioral1
Sample
b0d827c1c2667f29f5e681e79e1af957_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b0d827c1c2667f29f5e681e79e1af957_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
b0d827c1c2667f29f5e681e79e1af957_JaffaCakes118
-
Score
8/10
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables taskbar notifications via registry modification
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Change Default File Association (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Change Default File Association (1)