Overview

overview

10

Static

static

3

453cb2d1db...18.exe

windows7-x64

10

453cb2d1db...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    453cb2d1dbfa22b3b13b14e04d5d0ec8_JaffaCakes118

  • Size

    30KB

  • Sample

    241015-cabjfsxgph

  • MD5

    453cb2d1dbfa22b3b13b14e04d5d0ec8

  • SHA1

    ace36a9d434a24f6173964f826595043a8535a79

  • SHA256

    d064ea1157a9bf4b99ac0a4cb90a2a74099d060c2202cebedacd12ab54edcf02

  • SHA512

    6658162549a063503610d1c7e44e00ae21a8dd901119ee9a73dd8492efeb2a6670a84f2aa36b7e9296a23f5cb5818b2b5dfdb21ddfefa423ea535d9813598a66

  • SSDEEP

    768:7cyiJeMtNStKIrXEt7V3GmWmnbcuyD7U/u9:SdtNStvrXa71vnouy8G9

Score
10/10
discoveryevasionexecutionpersistencetrojan

Malware Config

Targets

    • Target

      453cb2d1dbfa22b3b13b14e04d5d0ec8_JaffaCakes118

    • Size

      30KB

    • MD5

      453cb2d1dbfa22b3b13b14e04d5d0ec8

    • SHA1

      ace36a9d434a24f6173964f826595043a8535a79

    • SHA256

      d064ea1157a9bf4b99ac0a4cb90a2a74099d060c2202cebedacd12ab54edcf02

    • SHA512

      6658162549a063503610d1c7e44e00ae21a8dd901119ee9a73dd8492efeb2a6670a84f2aa36b7e9296a23f5cb5818b2b5dfdb21ddfefa423ea535d9813598a66

    • SSDEEP

      768:7cyiJeMtNStKIrXEt7V3GmWmnbcuyD7U/u9:SdtNStvrXa71vnouy8G9

    Score
    10/10
    discoveryevasionexecutionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Stops running service(s)

      evasionexecution

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

2
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

3
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks