9d6834ffbcfb87f7ca5cb04057d4e67bf537e446e3f8ec19513350990e6280b7 | Triage

Sharing

General

Target

dbbff3acf5b58fa566f375aae7896f0b_JaffaCakes118
Size

105KB
Sample

240912-d95f9azclf
MD5

dbbff3acf5b58fa566f375aae7896f0b
SHA1

16b6f0c23db5b6bd68146416c36946e28ff36baf
SHA256

9d6834ffbcfb87f7ca5cb04057d4e67bf537e446e3f8ec19513350990e6280b7
SHA512

f8139b62c41b0404a0fec6f67e14da783be3b605e636cab9c9d0e905feb02b60739f12841116124853d56e2a3c79f4f531daa8b5446c47fcf2af64894c20f87a
SSDEEP

1536:Wh468ysdOC/9pymGoxEfq5B7zKFGCxjgwLQhEN5oVIRzQYiFCvLI2EczJ3:P/9cmkfoB7zKFGCxjzn7o4KSEYd

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  dbbff3acf5b58fa566f375aae7896f0b_JaffaCakes118
- Size
  
  105KB
- MD5
  
  dbbff3acf5b58fa566f375aae7896f0b
- SHA1
  
  16b6f0c23db5b6bd68146416c36946e28ff36baf
- SHA256
  
  9d6834ffbcfb87f7ca5cb04057d4e67bf537e446e3f8ec19513350990e6280b7
- SHA512
  
  f8139b62c41b0404a0fec6f67e14da783be3b605e636cab9c9d0e905feb02b60739f12841116124853d56e2a3c79f4f531daa8b5446c47fcf2af64894c20f87a
- SSDEEP
  
  1536:Wh468ysdOC/9pymGoxEfq5B7zKFGCxjgwLQhEN5oVIRzQYiFCvLI2EczJ3:P/9cmkfoB7zKFGCxjzn7o4KSEYd
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence