01025fdf04475f34e7d55fa4199c92e5d7fa5d19b98de176d78213e313308109 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fda9e6ced88bf4072c9d3f916e1ffd55_JaffaCakes118
Size

324KB
Sample

240420-z3sd1aaf5z
MD5

fda9e6ced88bf4072c9d3f916e1ffd55
SHA1

049567765a4ac7b6cc286d15aa9e380163ff61a7
SHA256

01025fdf04475f34e7d55fa4199c92e5d7fa5d19b98de176d78213e313308109
SHA512

a92c43031d7c486940c15ca7c412f30c9c6824ac4d935e668cb56b5df16569637893e4f415178de5244885d8393ef23ca4aa1dc395cec5a41e2ef197c3438e60
SSDEEP

6144:KsLpPxrlfQQ6644KQO+JuBR8Q3wodowN8XV:KEpZd16jyOGq/wPV

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  fda9e6ced88bf4072c9d3f916e1ffd55_JaffaCakes118
- Size
  
  324KB
- MD5
  
  fda9e6ced88bf4072c9d3f916e1ffd55
- SHA1
  
  049567765a4ac7b6cc286d15aa9e380163ff61a7
- SHA256
  
  01025fdf04475f34e7d55fa4199c92e5d7fa5d19b98de176d78213e313308109
- SHA512
  
  a92c43031d7c486940c15ca7c412f30c9c6824ac4d935e668cb56b5df16569637893e4f415178de5244885d8393ef23ca4aa1dc395cec5a41e2ef197c3438e60
- SSDEEP
  
  6144:KsLpPxrlfQQ6644KQO+JuBR8Q3wodowN8XV:KEpZd16jyOGq/wPV
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2