General
Target: b6996f1307bf63655e005fbd11665cab_JaffaCakes118
Size: 6.1MB
Sample: 240822-gsbz6avgqn
MD5: b6996f1307bf63655e005fbd11665cab
SHA1: de837b07acd5f03db04ffe9b95cb2293dfa5c529
SHA256: 88e2ce9606dee00f972a705a939bf3b1fdd5e6870757cd27f820efa00798432c
SHA512: 83308f72939312279fec986609ff508a2936847a7339fdfa40a45a7d4494cda8503fb16428d550bef220839d2f4e788e3fe54b755ebb28968de74111ba5db8ab
SSDEEP: 98304:8zsVLT0V6JYlrI4REFGsRNxqsMzC+IyK+zxYvM1djrUab1MZpr8hD8PF3admsR2l:8i9JQDENY9V+M3Ug0MNxo00AfW96m
Static task: static1
Behavioral task: behavioral1
Sample: b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: b6996f1307bf63655e005fbd11665cab_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Modifies Windows Firewall

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1