fab66cf9fc61dc2ffefaa459fe6b8dafdddf1df97e8163d2c6d7cd7e150458af | Triage

Sharing

General

Target

cfced6122299fa02d99b39e18f78b95a_JaffaCakes118
Size

138KB
Sample

240906-sdsvxatbqg
MD5

cfced6122299fa02d99b39e18f78b95a
SHA1

a7ea0dc390414050f54e058727b9a658e2c484b0
SHA256

fab66cf9fc61dc2ffefaa459fe6b8dafdddf1df97e8163d2c6d7cd7e150458af
SHA512

d1d247a3f54f7405a40b15e887721f6396d1fee67c3831d109516a1f46fe6a974d54248ba8d0662579116faabc63965fe7be1a92a825f3700bb54433fb9d51dc
SSDEEP

3072:1avMtMjF1EiROEbD7StLcP7pzsXla5i8Q0ysUKe:1S+kwEzSB07pz/5iP0zUKe

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  cfced6122299fa02d99b39e18f78b95a_JaffaCakes118
- Size
  
  138KB
- MD5
  
  cfced6122299fa02d99b39e18f78b95a
- SHA1
  
  a7ea0dc390414050f54e058727b9a658e2c484b0
- SHA256
  
  fab66cf9fc61dc2ffefaa459fe6b8dafdddf1df97e8163d2c6d7cd7e150458af
- SHA512
  
  d1d247a3f54f7405a40b15e887721f6396d1fee67c3831d109516a1f46fe6a974d54248ba8d0662579116faabc63965fe7be1a92a825f3700bb54433fb9d51dc
- SSDEEP
  
  3072:1avMtMjF1EiROEbD7StLcP7pzsXla5i8Q0ysUKe:1S+kwEzSB07pz/5iP0zUKe
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation