419883d77c8e01ce4cfa845d0bb39e5fd5b96edb4207d737344031b2044bdf0d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9dff0f25d00fe094f3500fa146ffa70_JaffaCakes118
Size

128KB
Sample

240918-yqdjms1ame
MD5

e9dff0f25d00fe094f3500fa146ffa70
SHA1

aa19be2e33a38a2bcec456e084fc765bbe88b990
SHA256

419883d77c8e01ce4cfa845d0bb39e5fd5b96edb4207d737344031b2044bdf0d
SHA512

9137105a9c2f5596e056e337ad6fac17237b197b261b751d87197ebf9ad680ab3a32bdac2e7394bbc401ddcc5263f6fca89ccfb1b4845c5b45ccc8ab265c820e
SSDEEP

3072:4wDhYw08FlJqS2ZMERyV7arE7lGcU4G/rjWrGKl3OL5PFn0wcccccccc:4w1YsqS2xEYcU4G/mrrl30PFn0wcccc/

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  e9dff0f25d00fe094f3500fa146ffa70_JaffaCakes118
- Size
  
  128KB
- MD5
  
  e9dff0f25d00fe094f3500fa146ffa70
- SHA1
  
  aa19be2e33a38a2bcec456e084fc765bbe88b990
- SHA256
  
  419883d77c8e01ce4cfa845d0bb39e5fd5b96edb4207d737344031b2044bdf0d
- SHA512
  
  9137105a9c2f5596e056e337ad6fac17237b197b261b751d87197ebf9ad680ab3a32bdac2e7394bbc401ddcc5263f6fca89ccfb1b4845c5b45ccc8ab265c820e
- SSDEEP
  
  3072:4wDhYw08FlJqS2ZMERyV7arE7lGcU4G/rjWrGKl3OL5PFn0wcccccccc:4w1YsqS2xEYcU4G/mrrl30PFn0wcccc/
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2