Overview

overview

8

Static

static

3

bc23a9cff4...18.exe

windows7-x64

8

bc23a9cff4...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    bc23a9cff42123a5d998e99a205fdf0e_JaffaCakes118

  • Size

    50KB

  • Sample

    240823-rykvcssdjj

  • MD5

    bc23a9cff42123a5d998e99a205fdf0e

  • SHA1

    81cc6b99a2631b266e13831d7971c72213596dcb

  • SHA256

    d3502cee97cd0f033433ac04027025fd3d495c34ac51b431cbba4c3eea61db04

  • SHA512

    afd5e235a4d2d62082cfc81b55031624015ae37e7fab9572ddd0e8d7fd93de56263b4c46f5b32c041c551c0656135988a7b080fa72240a581f25cf0389fbb0a6

  • SSDEEP

    1536:3Lmf6L0+KbNuqrTm4FA8btMw+tJ+i9QCZA:6fayAUyrv9QCZA

Score
8/10
discoveryevasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      bc23a9cff42123a5d998e99a205fdf0e_JaffaCakes118

    • Size

      50KB

    • MD5

      bc23a9cff42123a5d998e99a205fdf0e

    • SHA1

      81cc6b99a2631b266e13831d7971c72213596dcb

    • SHA256

      d3502cee97cd0f033433ac04027025fd3d495c34ac51b431cbba4c3eea61db04

    • SHA512

      afd5e235a4d2d62082cfc81b55031624015ae37e7fab9572ddd0e8d7fd93de56263b4c46f5b32c041c551c0656135988a7b080fa72240a581f25cf0389fbb0a6

    • SSDEEP

      1536:3Lmf6L0+KbNuqrTm4FA8btMw+tJ+i9QCZA:6fayAUyrv9QCZA

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks