dba81a43b0c9ff3f90a4f70545277cfac66c09cf93e6a3989e020d531275ad47 | Triage

Sharing

General

Target

e103ab1a73a4d0962ebd45fed0b2644a_JaffaCakes118
Size

136KB
Sample

240914-zpqcgswclb
MD5

e103ab1a73a4d0962ebd45fed0b2644a
SHA1

880e5b00e2e741805338e3347a08eeb26503ba1c
SHA256

dba81a43b0c9ff3f90a4f70545277cfac66c09cf93e6a3989e020d531275ad47
SHA512

570a2ccead847e418b9a0982e8a077a0c26073568e1dd4ea52eb68d73a77cc70cf42afa358c5bb471d3a690958866855e7a7a704ebe97d618ea28d29188e68f9
SSDEEP

3072:HVjpVI2nsBAEcmWOSWvIVLozHVYuhf8tR4Odumkn:bXqsunn

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  e103ab1a73a4d0962ebd45fed0b2644a_JaffaCakes118
- Size
  
  136KB
- MD5
  
  e103ab1a73a4d0962ebd45fed0b2644a
- SHA1
  
  880e5b00e2e741805338e3347a08eeb26503ba1c
- SHA256
  
  dba81a43b0c9ff3f90a4f70545277cfac66c09cf93e6a3989e020d531275ad47
- SHA512
  
  570a2ccead847e418b9a0982e8a077a0c26073568e1dd4ea52eb68d73a77cc70cf42afa358c5bb471d3a690958866855e7a7a704ebe97d618ea28d29188e68f9
- SSDEEP
  
  3072:HVjpVI2nsBAEcmWOSWvIVLozHVYuhf8tR4Odumkn:bXqsunn
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence