261b673fac1034df189cffdb00b8001dc315ea45ce76a5c17e497c9276264500 | Triage

Sharing

General

Target

fe2d09088dcd491e72b14b45a05a95f2_JaffaCakes118
Size

132KB
Sample

240421-chmxfsgc55
MD5

fe2d09088dcd491e72b14b45a05a95f2
SHA1

93be0ff158e270618d17f6baaa96a5a4a70541ab
SHA256

261b673fac1034df189cffdb00b8001dc315ea45ce76a5c17e497c9276264500
SHA512

fa196888c53ad7f4bb5450a823e1dac02dbc600f32dbb1e2e3834f77b6eeaae68f734a60ffc270e651d1b63b92f29a99c9a6fb4ca36858c3a96621c6b0e6dd78
SSDEEP

3072:sStXGrfcaQHlJTjNa646nLbOgveBXDA1Nz/iORPC/n:sPfJolJ1V4cV2eNDM/

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  fe2d09088dcd491e72b14b45a05a95f2_JaffaCakes118
- Size
  
  132KB
- MD5
  
  fe2d09088dcd491e72b14b45a05a95f2
- SHA1
  
  93be0ff158e270618d17f6baaa96a5a4a70541ab
- SHA256
  
  261b673fac1034df189cffdb00b8001dc315ea45ce76a5c17e497c9276264500
- SHA512
  
  fa196888c53ad7f4bb5450a823e1dac02dbc600f32dbb1e2e3834f77b6eeaae68f734a60ffc270e651d1b63b92f29a99c9a6fb4ca36858c3a96621c6b0e6dd78
- SSDEEP
  
  3072:sStXGrfcaQHlJTjNa646nLbOgveBXDA1Nz/iORPC/n:sPfJolJ1V4cV2eNDM/
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2