0f2463e181a4dccd114e1721119ce00aa436c7eb3b14eb0509e4cdc16f780982 | Triage

Sharing

General

Target

cf2accbe45a8e65f7cffc3e13b46e036_JaffaCakes118
Size

66KB
Sample

240906-kww2aaxfrf
MD5

cf2accbe45a8e65f7cffc3e13b46e036
SHA1

49a9989d3fc41a20b23134a6c923bd95218d889b
SHA256

0f2463e181a4dccd114e1721119ce00aa436c7eb3b14eb0509e4cdc16f780982
SHA512

bc4763e2b5c75b9a8c8e5117ab8dc0130afbe32b11754fdc7c0af4fd539f65ffd22c28890b2cfe4e47af21b50ff1076262d43a16c0e144eff9dc6d957738d287
SSDEEP

1536:YMARf2o4BGUjGhfpOXhFoCS33tVEJct9+KxARy:YVf4Bt4pOxFHS33tVEJctQKxARy

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  cf2accbe45a8e65f7cffc3e13b46e036_JaffaCakes118
- Size
  
  66KB
- MD5
  
  cf2accbe45a8e65f7cffc3e13b46e036
- SHA1
  
  49a9989d3fc41a20b23134a6c923bd95218d889b
- SHA256
  
  0f2463e181a4dccd114e1721119ce00aa436c7eb3b14eb0509e4cdc16f780982
- SHA512
  
  bc4763e2b5c75b9a8c8e5117ab8dc0130afbe32b11754fdc7c0af4fd539f65ffd22c28890b2cfe4e47af21b50ff1076262d43a16c0e144eff9dc6d957738d287
- SSDEEP
  
  1536:YMARf2o4BGUjGhfpOXhFoCS33tVEJct9+KxARy:YVf4Bt4pOxFHS33tVEJctQKxARy
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence