Overview

overview

9

Static

static

3

d2c2c33896...18.exe

windows7-x64

9

d2c2c33896...18.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    d2c2c3389648c8ffbdcabeccb2d96f1a_JaffaCakes118

  • Size

    36KB

  • Sample

    240907-y4mdpssgmm

  • MD5

    d2c2c3389648c8ffbdcabeccb2d96f1a

  • SHA1

    56979f44cf6b12ca1341a6655adc7e68aac5af14

  • SHA256

    05e51ae5380cd91a1edec3412fdc157e67889496ef2b7af48c1fb5da9beadb59

  • SHA512

    864fada006a1f86ce89fe0f6a7c58dbf5d0a8f2968d087b5508862018ee5b2842d33bfe4c21e2512c472954253a64d875081b96c14aa67fc3a187e938bee8dfe

  • SSDEEP

    768:It0vDNsppLkOQIjlsSbMxBsbWQwlRmSoUt2vFZtV81g6:xJEp4GaSQxU4l/xt2927

Score
9/10
defense_evasiondiscoverypersistence

Malware Config

Targets

    • Target

      d2c2c3389648c8ffbdcabeccb2d96f1a_JaffaCakes118

    • Size

      36KB

    • MD5

      d2c2c3389648c8ffbdcabeccb2d96f1a

    • SHA1

      56979f44cf6b12ca1341a6655adc7e68aac5af14

    • SHA256

      05e51ae5380cd91a1edec3412fdc157e67889496ef2b7af48c1fb5da9beadb59

    • SHA512

      864fada006a1f86ce89fe0f6a7c58dbf5d0a8f2968d087b5508862018ee5b2842d33bfe4c21e2512c472954253a64d875081b96c14aa67fc3a187e938bee8dfe

    • SSDEEP

      768:It0vDNsppLkOQIjlsSbMxBsbWQwlRmSoUt2vFZtV81g6:xJEp4GaSQxU4l/xt2927

    Score
    9/10
    defense_evasiondiscoverypersistence

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Modifies WinLogon

      persistence

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Drops file in System32 directory

    • Hide Artifacts: Hidden Users

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Account Manipulation

1
T1098

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Account Manipulation

1
T1098

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Hide Artifacts

1
T1564

Hidden Users

1
T1564.002

Modify Registry

3
T1112

Credential Access

Discovery

Network Share Discovery

1
T1135

Permission Groups Discovery

1
T1069

Local Groups

1
T1069.001

Query Registry

1
T1012

Remote System Discovery

1
T1018

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks