Overview

overview

8

Static

static

3

165e7aafbe...18.exe

windows7-x64

8

165e7aafbe...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    165e7aafbe4004830aa16ccad36b9417_JaffaCakes118

  • Size

    4.7MB

  • Sample

    241005-gbjzfaseph

  • MD5

    165e7aafbe4004830aa16ccad36b9417

  • SHA1

    1db2540ea9877bddf34cab1c80eade9b174cd305

  • SHA256

    0210741c013c4e41ac6ad5fb5264854931dca4ddec424a4047ea5ed4fcc360a7

  • SHA512

    74a7b0048b765294355854ee507210c1de79f9305df6cbfa7a7fff0a7997535c9c49c6f2ec0f11549cabb55a3a474d318f38c118dc45f3f1d831a63c03769b4c

  • SSDEEP

    98304:uB7t0NrEWNREx3ApTqZMZtG+213YXZLxDL6/faeKntNaBn9ORjSTIe:uBGrE8ReAlAj13YvDe/faeKnt0ajCIe

Score
8/10
discoveryevasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      165e7aafbe4004830aa16ccad36b9417_JaffaCakes118

    • Size

      4.7MB

    • MD5

      165e7aafbe4004830aa16ccad36b9417

    • SHA1

      1db2540ea9877bddf34cab1c80eade9b174cd305

    • SHA256

      0210741c013c4e41ac6ad5fb5264854931dca4ddec424a4047ea5ed4fcc360a7

    • SHA512

      74a7b0048b765294355854ee507210c1de79f9305df6cbfa7a7fff0a7997535c9c49c6f2ec0f11549cabb55a3a474d318f38c118dc45f3f1d831a63c03769b4c

    • SSDEEP

      98304:uB7t0NrEWNREx3ApTqZMZtG+213YXZLxDL6/faeKntNaBn9ORjSTIe:uBGrE8ReAlAj13YvDe/faeKnt0ajCIe

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks