ae65b4b0331cd211d405f4fc23305da7003f587e8b0881a5ba2cbd7d54f89ed2 | Triage

Sharing

General

Target

c7bb72d4945c3d45c908e3f4ebd61b9a_JaffaCakes118
Size

26KB
Sample

240828-11e7bs1aqm
MD5

c7bb72d4945c3d45c908e3f4ebd61b9a
SHA1

6a05822ab93a5c6528ae606c64c585b51318e0d7
SHA256

ae65b4b0331cd211d405f4fc23305da7003f587e8b0881a5ba2cbd7d54f89ed2
SHA512

6dcc01e026f0e82089a4334e0447a028a997b543c63e61eb1c969d9b2bec7e1a92f2fc27a51ec7f0caebd76f7d442d91f44baaba6ab749979b8c5ac57ba6c030
SSDEEP

768:Hoz+YMpjNqAPA0qd5mx/qSloSTi/pu30AYmmAb3le:HozxENbpNdqSlbTi/Khs

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c7bb72d4945c3d45c908e3f4ebd61b9a_JaffaCakes118
- Size
  
  26KB
- MD5
  
  c7bb72d4945c3d45c908e3f4ebd61b9a
- SHA1
  
  6a05822ab93a5c6528ae606c64c585b51318e0d7
- SHA256
  
  ae65b4b0331cd211d405f4fc23305da7003f587e8b0881a5ba2cbd7d54f89ed2
- SHA512
  
  6dcc01e026f0e82089a4334e0447a028a997b543c63e61eb1c969d9b2bec7e1a92f2fc27a51ec7f0caebd76f7d442d91f44baaba6ab749979b8c5ac57ba6c030
- SSDEEP
  
  768:Hoz+YMpjNqAPA0qd5mx/qSloSTi/pu30AYmmAb3le:HozxENbpNdqSlbTi/Khs
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence