662db986b1ff8e29e1e45511e9887da3b47b34b996b84d220198f20314092b06 | Triage

Sharing

General

Target

2ba489b4603cf60d69c1dcbe66e16402_JaffaCakes118
Size

73KB
Sample

241009-f3r9fsxalb
MD5

2ba489b4603cf60d69c1dcbe66e16402
SHA1

29efed75c69959eed8ae92f5920226da96065aa9
SHA256

662db986b1ff8e29e1e45511e9887da3b47b34b996b84d220198f20314092b06
SHA512

865f14de83bf2869150aef07ad501838a0ddf9a88e74c4f8fca5df4f08b4286cf409dd16c705caf49c1a92d66ac1df311392714019905fa2c633c2d623eb81d0
SSDEEP

1536:vUmB2v0zxhWE9TE94kr2PmHYS/tMfORSTlGgN/te:F7zFm4SiOAk2/te

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  2ba489b4603cf60d69c1dcbe66e16402_JaffaCakes118
- Size
  
  73KB
- MD5
  
  2ba489b4603cf60d69c1dcbe66e16402
- SHA1
  
  29efed75c69959eed8ae92f5920226da96065aa9
- SHA256
  
  662db986b1ff8e29e1e45511e9887da3b47b34b996b84d220198f20314092b06
- SHA512
  
  865f14de83bf2869150aef07ad501838a0ddf9a88e74c4f8fca5df4f08b4286cf409dd16c705caf49c1a92d66ac1df311392714019905fa2c633c2d623eb81d0
- SSDEEP
  
  1536:vUmB2v0zxhWE9TE94kr2PmHYS/tMfORSTlGgN/te:F7zFm4SiOAk2/te
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Drops file in Drivers directory
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence