2a03df419d6c6ae75dd211f5647dd986616133ef81e1dac7f2b5c2447702c467 | Triage

Sharing

General

Target

JaffaCakes118_f9fbbd4c6a8b4df3d5d08cba082a699a
Size

10.6MB
Sample

250111-hln7kszjgs
MD5

f9fbbd4c6a8b4df3d5d08cba082a699a
SHA1

723abb7421800d2a1297a29b3792414ea16573bc
SHA256

2a03df419d6c6ae75dd211f5647dd986616133ef81e1dac7f2b5c2447702c467
SHA512

06e426758ef3d32fa961d5f9e028377e7e8878d59c4e7936103dc0279d189033bed8e2bd9cf1e10203e698d96f2a3ac5bebdfe72d878c410c32faa70244df9b6
SSDEEP

196608:enAZFZNUmR+FWM9pwQpHKb2x257MgnFEz1sZsqw/UaM2hHEH11wN0v0p:eAZtFg0MfFxKI25IgcusqNPNcNk0p

Score

8^/10

execution

Malware Config

Targets

- Target
  
  JaffaCakes118_f9fbbd4c6a8b4df3d5d08cba082a699a
- Size
  
  10.6MB
- MD5
  
  f9fbbd4c6a8b4df3d5d08cba082a699a
- SHA1
  
  723abb7421800d2a1297a29b3792414ea16573bc
- SHA256
  
  2a03df419d6c6ae75dd211f5647dd986616133ef81e1dac7f2b5c2447702c467
- SHA512
  
  06e426758ef3d32fa961d5f9e028377e7e8878d59c4e7936103dc0279d189033bed8e2bd9cf1e10203e698d96f2a3ac5bebdfe72d878c410c32faa70244df9b6
- SSDEEP
  
  196608:enAZFZNUmR+FWM9pwQpHKb2x257MgnFEz1sZsqw/UaM2hHEH11wN0v0p:eAZtFg0MfFxKI25IgcusqNPNcNk0p
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2