728f349e9b51edeaaebbb0ae62e09def926e2b05e8509780dce114e14c4ebda3 | Triage

Sharing

General

Target

be4e66cdbb0a056a93b6ae081bb89acd_JaffaCakes118
Size

12KB
Sample

240824-lek35avgqj
MD5

be4e66cdbb0a056a93b6ae081bb89acd
SHA1

e5ca52535ff1a53bab64f1f7c370e4f50639e736
SHA256

728f349e9b51edeaaebbb0ae62e09def926e2b05e8509780dce114e14c4ebda3
SHA512

09b8edf99a9fdbe1f59ba735d738d5b00c9d0a04fda68f7fb568841e268efe0e0c975eae6cb1d23306284b78ac0803594fe67e280cbf64f8f7f5dcefbd81a84f
SSDEEP

192:p2H+2+cXezw8GxzF6/eqVee6JtmQe/Ifi4fcTck:s+JcXeULdgeszQrfi4fcr

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  be4e66cdbb0a056a93b6ae081bb89acd_JaffaCakes118
- Size
  
  12KB
- MD5
  
  be4e66cdbb0a056a93b6ae081bb89acd
- SHA1
  
  e5ca52535ff1a53bab64f1f7c370e4f50639e736
- SHA256
  
  728f349e9b51edeaaebbb0ae62e09def926e2b05e8509780dce114e14c4ebda3
- SHA512
  
  09b8edf99a9fdbe1f59ba735d738d5b00c9d0a04fda68f7fb568841e268efe0e0c975eae6cb1d23306284b78ac0803594fe67e280cbf64f8f7f5dcefbd81a84f
- SSDEEP
  
  192:p2H+2+cXezw8GxzF6/eqVee6JtmQe/Ifi4fcTck:s+JcXeULdgeszQrfi4fcr
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence