General

  • Target

    d0255a0b4e468f709c8a8673a1d49035_JaffaCakes118

  • Size

    284KB

  • Sample

    240906-wnp4js1brf

  • MD5

    d0255a0b4e468f709c8a8673a1d49035

  • SHA1

    2976712f82b93600921811f59f7cbea17a7a9601

  • SHA256

    2cf948d90f2971e902a2294ae324a23ae1556644ed9ecd463bda41d6f9a7c2db

  • SHA512

    00f93ffbf2ae10c4dfdf74ccc1771b539e0246215cd2805afaf7122eb644bb07a0cf7846dadcd93a7ca361d02f815f0ccbfbceb86fe045e122fac51c85ed6047

  • SSDEEP

    3072:tXbmAgiyC6T8fGJKTtSBKVEHRuoj3Y1BywfD4uwStjAjTUKITcFUeCfx6CZMxqCo:36YLcBKiYfDRwStjgQLc6eBSqSOXoqQ

Targets

    • Boot or Logon Autostart Execution: Port Monitors

      Adversaries may use port monitors to run an adversary-supplied DLL during system boot for persistence or privilege escalation.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Remote Services: SMB/Windows Admin Shares

      Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
    • Port Monitors (T1547.010): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
    • Port Monitors (T1547.010): 1

Discovery

  • Query Registry (T1012): 2
  • Peripheral Device Discovery (T1120): 2
  • System Information Discovery (T1082): 2
  • System Location Discovery (T1614): 1
    • System Language Discovery (T1614.001): 1

Lateral Movement

  • Remote Services (T1021): 1
    • SMB/Windows Admin Shares (T1021.002): 1