be984dcb05ac824b5ffcab2d7c0c2c5f131da0801c8efb93e953a65d71cadd41 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

19e46408cd...18.exe

windows7-x64

8

19e46408cd...18.exe

windows10-2004-x64

8

Sharing

General

Target

19e46408cdf85c1790728b2ad1e00dec_JaffaCakes118
Size

108KB
Sample

240628-m8n8bawdqa
MD5

19e46408cdf85c1790728b2ad1e00dec
SHA1

f5c355b93840cb4038852d67611ca7160a5692f3
SHA256

be984dcb05ac824b5ffcab2d7c0c2c5f131da0801c8efb93e953a65d71cadd41
SHA512

641dda503ec23dec97562952d297bac137f0064b47f47837c73f8d42c76e8c4c26f69eae5e0e5bf2653c8ad754f5520460b54d5410cc5c359676cf4415523754
SSDEEP

3072:AxCuqnzsUkYrPHl5dBONYIoriXIrKfiHpI61FFTF:Ax/YrLdBONYH+IrK0I61

Score

8^/10

defense_evasion discovery exploit

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

19e46408cdf85c1790728b2ad1e00dec_JaffaCakes118.exe

Resource

win7-20240221-en

defense_evasion discovery exploit

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

19e46408cdf85c1790728b2ad1e00dec_JaffaCakes118.exe

Resource

win10v2004-20240508-en

defense_evasion discovery exploit

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  19e46408cdf85c1790728b2ad1e00dec_JaffaCakes118
- Size
  
  108KB
- MD5
  
  19e46408cdf85c1790728b2ad1e00dec
- SHA1
  
  f5c355b93840cb4038852d67611ca7160a5692f3
- SHA256
  
  be984dcb05ac824b5ffcab2d7c0c2c5f131da0801c8efb93e953a65d71cadd41
- SHA512
  
  641dda503ec23dec97562952d297bac137f0064b47f47837c73f8d42c76e8c4c26f69eae5e0e5bf2653c8ad754f5520460b54d5410cc5c359676cf4415523754
- SSDEEP
  
  3072:AxCuqnzsUkYrPHl5dBONYIoriXIrKfiHpI61FFTF:Ax/YrLdBONYH+IrK0I61
Score

8^/10

defense_evasion discovery exploit
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

defense_evasiondiscoveryexploit

behavioral2

defense_evasiondiscoveryexploit

© 2018-2024

Terms | Privacy