b32f8a6bb58bcef9c5d1503416eb3dcdcd5c145535cdd694360007343d9bdd0e | Triage

Sharing

General

Target

b30d6b044885d9679eb1c8e1b9a9ddb7_JaffaCakes118
Size

343KB
Sample

240821-l7j2jawelp
MD5

b30d6b044885d9679eb1c8e1b9a9ddb7
SHA1

36bcdeea9f0a1aaeb313cc136a16fdc19fbbb6c9
SHA256

b32f8a6bb58bcef9c5d1503416eb3dcdcd5c145535cdd694360007343d9bdd0e
SHA512

78f88f21483d07644e3b41c6b3436d438d88489594674fba492947105e0e25a7b8a06357a515cfb85f974fb5cf752688a0f07aedb0e6cee365e79798c276a837
SSDEEP

6144:au2urzh9xu/XkaumM2OUQEI4nI0RgiZgSQ6neV0e76qnRqHZDEK9:autrzh9xOXk12QJ4nI0+Ya4YMxz9

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  b30d6b044885d9679eb1c8e1b9a9ddb7_JaffaCakes118
- Size
  
  343KB
- MD5
  
  b30d6b044885d9679eb1c8e1b9a9ddb7
- SHA1
  
  36bcdeea9f0a1aaeb313cc136a16fdc19fbbb6c9
- SHA256
  
  b32f8a6bb58bcef9c5d1503416eb3dcdcd5c145535cdd694360007343d9bdd0e
- SHA512
  
  78f88f21483d07644e3b41c6b3436d438d88489594674fba492947105e0e25a7b8a06357a515cfb85f974fb5cf752688a0f07aedb0e6cee365e79798c276a837
- SSDEEP
  
  6144:au2urzh9xu/XkaumM2OUQEI4nI0RgiZgSQ6neV0e76qnRqHZDEK9:autrzh9xOXk12QJ4nI0+Ya4YMxz9
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence