be39e5680f06b8b03772e880ea622aa4a75ce381d13c8c285954c197281afe84 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

0a9319f703...18.exe

windows7-x64

8

0a9319f703...18.exe

windows10-2004-x64

8

Sharing

General

Target

0a9319f703bf6a53735f04958044e557_JaffaCakes118
Size

108KB
Sample

240624-yrsd7azhmg
MD5

0a9319f703bf6a53735f04958044e557
SHA1

54143a9c60eed4204cb3adb161e12d3c3b5550bc
SHA256

be39e5680f06b8b03772e880ea622aa4a75ce381d13c8c285954c197281afe84
SHA512

a5cc37d0676814cd0ec5138383e81baa4ec2cb7f459b7f05602a12f4ac36f8b6e503b364ba43245f2eb8db8ca79f67bf4cc20ea986e89887eac12d559fc70270
SSDEEP

1536:jSXz96Wg+1yMC8nTAd/visDXWBiNLk6l2xyQFtVltJQCHCPjZ747Joxl:ibJpnTAd3iOmBiN46syQFtACibsS

Score

8^/10

defense_evasion discovery exploit

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0a9319f703bf6a53735f04958044e557_JaffaCakes118.exe

Resource

win7-20240220-en

defense_evasion discovery exploit

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0a9319f703bf6a53735f04958044e557_JaffaCakes118.exe

Resource

win10v2004-20240611-en

defense_evasion discovery exploit

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  0a9319f703bf6a53735f04958044e557_JaffaCakes118
- Size
  
  108KB
- MD5
  
  0a9319f703bf6a53735f04958044e557
- SHA1
  
  54143a9c60eed4204cb3adb161e12d3c3b5550bc
- SHA256
  
  be39e5680f06b8b03772e880ea622aa4a75ce381d13c8c285954c197281afe84
- SHA512
  
  a5cc37d0676814cd0ec5138383e81baa4ec2cb7f459b7f05602a12f4ac36f8b6e503b364ba43245f2eb8db8ca79f67bf4cc20ea986e89887eac12d559fc70270
- SSDEEP
  
  1536:jSXz96Wg+1yMC8nTAd/visDXWBiNLk6l2xyQFtVltJQCHCPjZ747Joxl:ibJpnTAd3iOmBiN46syQFtACibsS
Score

8^/10

defense_evasion discovery exploit
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

defense_evasiondiscoveryexploit

behavioral2

defense_evasiondiscoveryexploit

© 2018-2024

Terms | Privacy