32224d8ce9b9eac3e7af9ce9a43dabf9580d93947ceb00f69c82d1c49a12f512 | Triage

Sharing

General

Target

04eb80dd59dd7ebe739b61cdfc6662c0_JaffaCakes118
Size

491KB
Sample

240620-lwxhgsvgrm
MD5

04eb80dd59dd7ebe739b61cdfc6662c0
SHA1

d900163f1fc7fbd62b1720af9f7c100ae351ace5
SHA256

32224d8ce9b9eac3e7af9ce9a43dabf9580d93947ceb00f69c82d1c49a12f512
SHA512

b252ace8fb1ac3ce786b82caedb64d430619c110b1d04f2ec1cd521a68f432527dd55692bfbc7b00358161760ef1767d561a221f764f1136024cc5f442197ea9
SSDEEP

6144:u9tsz0ctIHFxQ/cKrL+i8HeRg7cQldsD7tLAB8:u6NtIPQ/rutgQlutI

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  04eb80dd59dd7ebe739b61cdfc6662c0_JaffaCakes118
- Size
  
  491KB
- MD5
  
  04eb80dd59dd7ebe739b61cdfc6662c0
- SHA1
  
  d900163f1fc7fbd62b1720af9f7c100ae351ace5
- SHA256
  
  32224d8ce9b9eac3e7af9ce9a43dabf9580d93947ceb00f69c82d1c49a12f512
- SHA512
  
  b252ace8fb1ac3ce786b82caedb64d430619c110b1d04f2ec1cd521a68f432527dd55692bfbc7b00358161760ef1767d561a221f764f1136024cc5f442197ea9
- SSDEEP
  
  6144:u9tsz0ctIHFxQ/cKrL+i8HeRg7cQldsD7tLAB8:u6NtIPQ/rutgQlutI
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2