3fb425212df93b53789adf272faec0aea9ad32593981d02c1f1ca5589d0bbfd3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d73344fa0b8c5981478cb4d77935a021_JaffaCakes118
Size

17KB
Sample

240909-2gwweatelm
MD5

d73344fa0b8c5981478cb4d77935a021
SHA1

9a67c85d8745ae6b97bf00163d3a07b4ddbef095
SHA256

3fb425212df93b53789adf272faec0aea9ad32593981d02c1f1ca5589d0bbfd3
SHA512

fc956ba2436d3b33702ae5806ad016723af9032e582786ec6a1f71b6665884af4acf64141cfc6411c2029e4fdfec776e8c3dbd78ee3642bedcbc668bad189a20
SSDEEP

384:mFW/WuD9GOuzRXlQQkIhDp3FqEGmf9DW984TaoosNVOdw:B9UXl3kmbtjW984T//OK

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  d73344fa0b8c5981478cb4d77935a021_JaffaCakes118
- Size
  
  17KB
- MD5
  
  d73344fa0b8c5981478cb4d77935a021
- SHA1
  
  9a67c85d8745ae6b97bf00163d3a07b4ddbef095
- SHA256
  
  3fb425212df93b53789adf272faec0aea9ad32593981d02c1f1ca5589d0bbfd3
- SHA512
  
  fc956ba2436d3b33702ae5806ad016723af9032e582786ec6a1f71b6665884af4acf64141cfc6411c2029e4fdfec776e8c3dbd78ee3642bedcbc668bad189a20
- SSDEEP
  
  384:mFW/WuD9GOuzRXlQQkIhDp3FqEGmf9DW984TaoosNVOdw:B9UXl3kmbtjW984T//OK
Score

8^/10

discovery persistence
- Sets service image path in registry
  persistence
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence