323c7a857915fa3b161360d792afa19a6e410811ec07d5d7e716ccf1720bd3d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4c1f7bca89ed610ae26479d56d43d76_JaffaCakes118
Size

3KB
Sample

240821-yat7fswgje
MD5

b4c1f7bca89ed610ae26479d56d43d76
SHA1

a4b927418eb49d2c566d036a762d6eb76ff9c166
SHA256

323c7a857915fa3b161360d792afa19a6e410811ec07d5d7e716ccf1720bd3d8
SHA512

becc704d5d31ed86a600a164a5396d6c21794ad6be50054f4f6f00324f3b29b90ff7a2db14b189b72c203a8401310b04cda456f454a3d44bb7e9a32fa3a87069

Score

7^/10

execution

Malware Config

Targets

- Target
  
  b4c1f7bca89ed610ae26479d56d43d76_JaffaCakes118
- Size
  
  3KB
- MD5
  
  b4c1f7bca89ed610ae26479d56d43d76
- SHA1
  
  a4b927418eb49d2c566d036a762d6eb76ff9c166
- SHA256
  
  323c7a857915fa3b161360d792afa19a6e410811ec07d5d7e716ccf1720bd3d8
- SHA512
  
  becc704d5d31ed86a600a164a5396d6c21794ad6be50054f4f6f00324f3b29b90ff7a2db14b189b72c203a8401310b04cda456f454a3d44bb7e9a32fa3a87069
Score

7^/10

execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2