51266e2afdc0665ca441bc1f261cb91dee4327770f4371e8832b91175cbc5c4d | Triage

Submit
Reports

Overview

overview

8

Static

static

7

e93d84280f...18.exe

windows7-x64

8

e93d84280f...18.exe

windows10-2004-x64

8

Sharing

General

Target

e93d84280f420761e8200661361dcebe_JaffaCakes118
Size

33KB
Sample

240918-qxz28atdpe
MD5

e93d84280f420761e8200661361dcebe
SHA1

8aaaf54c9ab09881be1ae6684f8b9ccd6744882e
SHA256

51266e2afdc0665ca441bc1f261cb91dee4327770f4371e8832b91175cbc5c4d
SHA512

1a6a9bdfd47786a7dd4e7a5ad100d700db35b42f4692280c3da4755cf050cc45fe5bc488555c0f438ef4cd04dee65e16568629eb51a6b127d70da6b68d6a0134
SSDEEP

768:gb3EhwiDVnjNL2K1IfnrzMkg8vUF17HcA3b:gb3ESqLh1IzzMkggy17Hcob

Score

8^/10

defense_evasion discovery lateral_movement persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e93d84280f420761e8200661361dcebe_JaffaCakes118.exe

Resource

win7-20240903-en

defense_evasion discovery persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

e93d84280f420761e8200661361dcebe_JaffaCakes118.exe

Resource

win10v2004-20240802-en

defense_evasion discovery lateral_movement persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  e93d84280f420761e8200661361dcebe_JaffaCakes118
- Size
  
  33KB
- MD5
  
  e93d84280f420761e8200661361dcebe
- SHA1
  
  8aaaf54c9ab09881be1ae6684f8b9ccd6744882e
- SHA256
  
  51266e2afdc0665ca441bc1f261cb91dee4327770f4371e8832b91175cbc5c4d
- SHA512
  
  1a6a9bdfd47786a7dd4e7a5ad100d700db35b42f4692280c3da4755cf050cc45fe5bc488555c0f438ef4cd04dee65e16568629eb51a6b127d70da6b68d6a0134
- SSDEEP
  
  768:gb3EhwiDVnjNL2K1IfnrzMkg8vUF17HcA3b:gb3ESqLh1IzzMkggy17Hcob
Score

8^/10

defense_evasion discovery persistence upx lateral_movement
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Deletes itself
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
  lateral_movement
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Defense Evasion

Modify Registry

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Remote Services

SMB/Windows Admin Shares

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceupx

behavioral2

defense_evasiondiscoverylateral_movementpersistenceupx

© 2018-2024

Terms | Privacy