Overview

overview

8

Static

static

7

d9e60f1a0f...18.exe

windows7-x64

8

d9e60f1a0f...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d9e60f1a0fad5f5d7a9dd35153b48f7b_JaffaCakes118

  • Size

    33KB

  • Sample

    240911-jky6tszgpf

  • MD5

    d9e60f1a0fad5f5d7a9dd35153b48f7b

  • SHA1

    aa7cf6bf95cbc367dac8e3af8f37b4f5ac73f1d0

  • SHA256

    2b0ccbb844690d4572a3a0bde468a8ffb250008a8d18031e53d9b21a0112fdcf

  • SHA512

    8acbc8ce38fbe19e139159f21c551b09c63cdb4b4505e35fc0f25fc5f961827c60ab86abd2e2156d74ef5b3738c4baaf26300c448e3e3d450a170b9f9dc5085e

  • SSDEEP

    768:gb3EhwiDVnjNL2K1IfnrzMkg8vUF17HcA00tmSVX:gb3ESqLh1IzzMkggy17HcutmAX

Score
8/10
discoverylateral_movementpersistenceupx

Malware Config

Targets

    • Target

      d9e60f1a0fad5f5d7a9dd35153b48f7b_JaffaCakes118

    • Size

      33KB

    • MD5

      d9e60f1a0fad5f5d7a9dd35153b48f7b

    • SHA1

      aa7cf6bf95cbc367dac8e3af8f37b4f5ac73f1d0

    • SHA256

      2b0ccbb844690d4572a3a0bde468a8ffb250008a8d18031e53d9b21a0112fdcf

    • SHA512

      8acbc8ce38fbe19e139159f21c551b09c63cdb4b4505e35fc0f25fc5f961827c60ab86abd2e2156d74ef5b3738c4baaf26300c448e3e3d450a170b9f9dc5085e

    • SSDEEP

      768:gb3EhwiDVnjNL2K1IfnrzMkg8vUF17HcA00tmSVX:gb3ESqLh1IzzMkggy17HcutmAX

    Score
    8/10
    discoverypersistenceupxlateral_movement

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Remote Services: SMB/Windows Admin Shares

      Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

      lateral_movement

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Active Setup

1
T1547.014

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Active Setup

1
T1547.014

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Remote Services

1
T1021

SMB/Windows Admin Shares

1
T1021.002

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks