659918f9b61c39cce96be45969d809fbf096b9c25a9c3cd2f8db583978436c1a | Triage

Sharing

General

Target

12015299ab4645aae7f99d4516a0dd3c_JaffaCakes118
Size

49KB
Sample

241004-f2s5cswfpp
MD5

12015299ab4645aae7f99d4516a0dd3c
SHA1

d8b2a29bb6a2924e382f7546827ac5437f705a89
SHA256

659918f9b61c39cce96be45969d809fbf096b9c25a9c3cd2f8db583978436c1a
SHA512

c5c0d48bf1ded83155bdab796ee268ef028be065b3e818124c710c50c15deac3da168e7b04629580c7b29e8b39e5786cabc917cd5416147b50f556357014ea4b
SSDEEP

768:FnAYThnRJfc3O9wVI+dOaRbYxZCHfsNqmBJHXnNKbqKB9ntasFS6rjnBusNn9BxI:FAkk3fLpRbYnKcZXnNCJB/EwBug9z1q

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  12015299ab4645aae7f99d4516a0dd3c_JaffaCakes118
- Size
  
  49KB
- MD5
  
  12015299ab4645aae7f99d4516a0dd3c
- SHA1
  
  d8b2a29bb6a2924e382f7546827ac5437f705a89
- SHA256
  
  659918f9b61c39cce96be45969d809fbf096b9c25a9c3cd2f8db583978436c1a
- SHA512
  
  c5c0d48bf1ded83155bdab796ee268ef028be065b3e818124c710c50c15deac3da168e7b04629580c7b29e8b39e5786cabc917cd5416147b50f556357014ea4b
- SSDEEP
  
  768:FnAYThnRJfc3O9wVI+dOaRbYxZCHfsNqmBJHXnNKbqKB9ntasFS6rjnBusNn9BxI:FAkk3fLpRbYnKcZXnNCJB/EwBug9z1q
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence