9e6d4c5917ad96f81d173a8f04d00c769448e9fd6d8ed101272f27f4d0916dde | Triage

Sharing

General

Target

b1c6cbba37f1b127e3147c92b20be349_JaffaCakes118
Size

34KB
Sample

240821-cv98hswapg
MD5

b1c6cbba37f1b127e3147c92b20be349
SHA1

5b7c22588e5381c641778e28c7e6501c1b77bb60
SHA256

9e6d4c5917ad96f81d173a8f04d00c769448e9fd6d8ed101272f27f4d0916dde
SHA512

50c39c6ecaee07592153ad8254397af43c52fe2184dd5d962511e622f07ce71e542f6a15d73c9656e4ec75439f003307e87f136546eebfb9d7784fae1636638d
SSDEEP

768:U4036VivbIqUWgvJfD6CTFTO0CLqpSLFJpv+OkOiT:B0qbqsJfD6CTFTMaSLFrhxM

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  b1c6cbba37f1b127e3147c92b20be349_JaffaCakes118
- Size
  
  34KB
- MD5
  
  b1c6cbba37f1b127e3147c92b20be349
- SHA1
  
  5b7c22588e5381c641778e28c7e6501c1b77bb60
- SHA256
  
  9e6d4c5917ad96f81d173a8f04d00c769448e9fd6d8ed101272f27f4d0916dde
- SHA512
  
  50c39c6ecaee07592153ad8254397af43c52fe2184dd5d962511e622f07ce71e542f6a15d73c9656e4ec75439f003307e87f136546eebfb9d7784fae1636638d
- SSDEEP
  
  768:U4036VivbIqUWgvJfD6CTFTO0CLqpSLFJpv+OkOiT:B0qbqsJfD6CTFTMaSLFrhxM
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence