abdc6d35637eacfdf8dd9084f4d79c763d597c5c7d692d1257bdafdf47d4d322 | Triage

Sharing

General

Target

3a45a47b76d691818a076e3881370bd8_JaffaCakes118
Size

92KB
Sample

241012-qr1rkaxdlk
MD5

3a45a47b76d691818a076e3881370bd8
SHA1

bdbf85a4e5255b14242616a8727a48d024969e08
SHA256

abdc6d35637eacfdf8dd9084f4d79c763d597c5c7d692d1257bdafdf47d4d322
SHA512

da4d3a40e5892810e043dac1bed1ffd846f6104c55789513076961d4e2be1fffe18189735912f230adfed02f470a0d3c3f165ed20d0d54209cd4c11b66b10b06
SSDEEP

1536:W0WKSUNvMFZdVqyyKdHPOpuvmOrQVOTK4+EJsvQ7qUQt2vHvSxQxKMCW8TXwH:iXqyyKlPmerQVwJsvQ+jt8PSxQXGg

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  3a45a47b76d691818a076e3881370bd8_JaffaCakes118
- Size
  
  92KB
- MD5
  
  3a45a47b76d691818a076e3881370bd8
- SHA1
  
  bdbf85a4e5255b14242616a8727a48d024969e08
- SHA256
  
  abdc6d35637eacfdf8dd9084f4d79c763d597c5c7d692d1257bdafdf47d4d322
- SHA512
  
  da4d3a40e5892810e043dac1bed1ffd846f6104c55789513076961d4e2be1fffe18189735912f230adfed02f470a0d3c3f165ed20d0d54209cd4c11b66b10b06
- SSDEEP
  
  1536:W0WKSUNvMFZdVqyyKdHPOpuvmOrQVOTK4+EJsvQ7qUQt2vHvSxQxKMCW8TXwH:iXqyyKlPmerQVwJsvQ+jt8PSxQXGg
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence