af1c0948c016b09643c8052d970c62b1f078245e667190a70fc05251ccf0be6e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

081ef821bb5d109d904439d142b41fc1_JaffaCakes118
Size

306KB
Sample

240620-vshplaydnd
MD5

081ef821bb5d109d904439d142b41fc1
SHA1

e79dc450b6bb62f9c81d3bbd0c0c2c1304ee6284
SHA256

af1c0948c016b09643c8052d970c62b1f078245e667190a70fc05251ccf0be6e
SHA512

7251afa06592f3acdc4154ba76b2a724602345a35619af60ab007cd114be046d12037bc91f0d2a8cf265255b355b641cb392b5b706e5e271525d218fcaf33a40
SSDEEP

6144:WZgK4d8HTqfyYbq2qrdUQO9qqXPNNyAzG9T7kV0C/C:WmKE8HDlRTO9qqfGAUT7kKC/C

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  081ef821bb5d109d904439d142b41fc1_JaffaCakes118
- Size
  
  306KB
- MD5
  
  081ef821bb5d109d904439d142b41fc1
- SHA1
  
  e79dc450b6bb62f9c81d3bbd0c0c2c1304ee6284
- SHA256
  
  af1c0948c016b09643c8052d970c62b1f078245e667190a70fc05251ccf0be6e
- SHA512
  
  7251afa06592f3acdc4154ba76b2a724602345a35619af60ab007cd114be046d12037bc91f0d2a8cf265255b355b641cb392b5b706e5e271525d218fcaf33a40
- SSDEEP
  
  6144:WZgK4d8HTqfyYbq2qrdUQO9qqXPNNyAzG9T7kV0C/C:WmKE8HDlRTO9qqfGAUT7kKC/C
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2