50fc7cf932afde372c99253d7c377e9b520051641577a8ca53a0c32f4bfa16c9 | Triage

Sharing

General

Target

f7c5c1bdc864f26de17d3476cdad2afc_JaffaCakes118
Size

189KB
Sample

240418-l6d4wsbc6t
MD5

f7c5c1bdc864f26de17d3476cdad2afc
SHA1

b27ad10df04b9183473cc351887e30f5b5d74d6a
SHA256

50fc7cf932afde372c99253d7c377e9b520051641577a8ca53a0c32f4bfa16c9
SHA512

7f55c1b8d474786328d0545e8b6a0fbf8963cc57f986a312d9e6b7f910a758553b9fc33e545466e130300ab8c298f6e2faf1d9c0554ec5ac3da335ebf80dcb32
SSDEEP

3072:ocUcm0X3qDOUwUNvo8Hj/64qDuibRsksL7I:ocUK3qDpvTT6LDuib2PA

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  f7c5c1bdc864f26de17d3476cdad2afc_JaffaCakes118
- Size
  
  189KB
- MD5
  
  f7c5c1bdc864f26de17d3476cdad2afc
- SHA1
  
  b27ad10df04b9183473cc351887e30f5b5d74d6a
- SHA256
  
  50fc7cf932afde372c99253d7c377e9b520051641577a8ca53a0c32f4bfa16c9
- SHA512
  
  7f55c1b8d474786328d0545e8b6a0fbf8963cc57f986a312d9e6b7f910a758553b9fc33e545466e130300ab8c298f6e2faf1d9c0554ec5ac3da335ebf80dcb32
- SSDEEP
  
  3072:ocUcm0X3qDOUwUNvo8Hj/64qDuibRsksL7I:ocUK3qDpvTT6LDuib2PA
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2