Overview

overview

8

Static

static

3

db9d9f8dad...18.exe

windows7-x64

8

db9d9f8dad...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    db9d9f8dad9e140a6e94fd05f2100de1_JaffaCakes118

  • Size

    3.1MB

  • Sample

    240912-cdm2navgnf

  • MD5

    db9d9f8dad9e140a6e94fd05f2100de1

  • SHA1

    47177b8345e86c09b620fc333a9db6a04240d7cd

  • SHA256

    1fc09622f4c17365c89c5d070e890cf7328d3ab199df7de3f889cb44a5ec6491

  • SHA512

    97391139aefd4bfb574e1f171828e8f7d5a2315ac9e5ea1ba9938c05b801ef0d55e84f5d1cb3f12577636a4d439ef996825b747b5e8086c391e5578cb4a6117b

  • SSDEEP

    49152:t6VizxN6pdmiclcLwCAALBVJS10JmfeL3SJvsTSqI6EXXQIYi5YOySz29:t6+1HC5VNJm2bSJ9qeXX757ySz

Score
8/10
discoveryevasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      db9d9f8dad9e140a6e94fd05f2100de1_JaffaCakes118

    • Size

      3.1MB

    • MD5

      db9d9f8dad9e140a6e94fd05f2100de1

    • SHA1

      47177b8345e86c09b620fc333a9db6a04240d7cd

    • SHA256

      1fc09622f4c17365c89c5d070e890cf7328d3ab199df7de3f889cb44a5ec6491

    • SHA512

      97391139aefd4bfb574e1f171828e8f7d5a2315ac9e5ea1ba9938c05b801ef0d55e84f5d1cb3f12577636a4d439ef996825b747b5e8086c391e5578cb4a6117b

    • SSDEEP

      49152:t6VizxN6pdmiclcLwCAALBVJS10JmfeL3SJvsTSqI6EXXQIYi5YOySz29:t6+1HC5VNJm2bSJ9qeXX757ySz

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks