ee6ef55f7b47822b0f3ede88c89e48db56149e8b0ccb5e7128b992f3bc281696 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3cb5494f33ca2f2dfd0ac1d944e9f2cd_JaffaCakes118
Size

38KB
Sample

241012-3zd9rasfmk
MD5

3cb5494f33ca2f2dfd0ac1d944e9f2cd
SHA1

e7206ba2fd8b7a9aea497599ecee30e4087d1a66
SHA256

ee6ef55f7b47822b0f3ede88c89e48db56149e8b0ccb5e7128b992f3bc281696
SHA512

dde9d06b21b36bc9efdb83cc887494a857d8e22ea9e976e47ddbb4e13982f6dc8d4aef2273ae07cf3f11125cf19949391ef53423a083676fe3d4c59b8cf80184
SSDEEP

768:8dQjMidJs3ZK7uWk/DkQrrn6dWYjkCEKdMJU2j9PB1ULn6vMPYd:8UPdJ0KyTDkQHnYpjQ+eN5PBe76v+

Score

8^/10

discovery evasion execution persistence

Malware Config

Targets

- Target
  
  3cb5494f33ca2f2dfd0ac1d944e9f2cd_JaffaCakes118
- Size
  
  38KB
- MD5
  
  3cb5494f33ca2f2dfd0ac1d944e9f2cd
- SHA1
  
  e7206ba2fd8b7a9aea497599ecee30e4087d1a66
- SHA256
  
  ee6ef55f7b47822b0f3ede88c89e48db56149e8b0ccb5e7128b992f3bc281696
- SHA512
  
  dde9d06b21b36bc9efdb83cc887494a857d8e22ea9e976e47ddbb4e13982f6dc8d4aef2273ae07cf3f11125cf19949391ef53423a083676fe3d4c59b8cf80184
- SSDEEP
  
  768:8dQjMidJs3ZK7uWk/DkQrrn6dWYjkCEKdMJU2j9PB1ULn6vMPYd:8UPdJ0KyTDkQHnYpjQ+eN5PBe76v+
Score

8^/10

discovery evasion execution persistence
- Drops file in Drivers directory
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecution

behavioral2

discoveryevasionexecutionpersistence