3d7c4f208462262350362b5114e3adb54a1610a125a3b70c7790974137283e97 | Triage

Sharing

General

Target

eab618af96fa8ae6bbb9ffd954a950e6_JaffaCakes118
Size

819KB
Sample

240919-gm5ehsthmj
MD5

eab618af96fa8ae6bbb9ffd954a950e6
SHA1

115aca6ea9023f62064918d5c9cb055b064f7b2c
SHA256

3d7c4f208462262350362b5114e3adb54a1610a125a3b70c7790974137283e97
SHA512

e546324e467845356e1a2504ac7a858d60b0e27e925a905d6f2d47f7f6193b37b14c0d8c63dedaa67b2a987c82f53d0580712806bb27fc6d8ab992d1a0859836
SSDEEP

6144:UZfec9EbXDk6Rk8KzGFrQZb++tdsHP4+QfI6UsrG1VVE+Ih/UOPSe570Szp3Znmw:UZWtI6RkderQZb+md4w1U4upOB06Kut

Score

10^/10

defense_evasion discovery evasion execution persistence

Malware Config

Targets

- Target
  
  eab618af96fa8ae6bbb9ffd954a950e6_JaffaCakes118
- Size
  
  819KB
- MD5
  
  eab618af96fa8ae6bbb9ffd954a950e6
- SHA1
  
  115aca6ea9023f62064918d5c9cb055b064f7b2c
- SHA256
  
  3d7c4f208462262350362b5114e3adb54a1610a125a3b70c7790974137283e97
- SHA512
  
  e546324e467845356e1a2504ac7a858d60b0e27e925a905d6f2d47f7f6193b37b14c0d8c63dedaa67b2a987c82f53d0580712806bb27fc6d8ab992d1a0859836
- SSDEEP
  
  6144:UZfec9EbXDk6Rk8KzGFrQZb++tdsHP4+QfI6UsrG1VVE+Ih/UOPSe570Szp3Znmw:UZWtI6RkderQZb+md4w1U4upOB06Kut
Score

10^/10

defense_evasion discovery evasion execution persistence
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Network Share Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionexecutionpersistence

behavioral2

defense_evasiondiscoveryevasionexecutionpersistence