900612605b9a9d556ed3bfad6d9f5d12f1c4344f3ece84f2d949d01f27c4e748 | Triage

Sharing

General

Target

05a73f4f5feafa626d45109665b50b8b_JaffaCakes118
Size

325KB
Sample

240624-aw2aws1aka
MD5

05a73f4f5feafa626d45109665b50b8b
SHA1

e37c6700712cc0077293e58004d43b335d7f831b
SHA256

900612605b9a9d556ed3bfad6d9f5d12f1c4344f3ece84f2d949d01f27c4e748
SHA512

9c56ca946c099f6b28d7095bf8a6aa55d755cea52f5b0f0c41d4ebde96cbdfc402b8beb99217fd2ef2e89e3d5480cceeecba1ba37e4e3614ebd1e5dad6794562
SSDEEP

6144:RGJGnyy0Gdv0Xlq9qUwfmlCDTqpzsMfFClUNlk8Fz:Rccv6UqUU3TqGqFCJ4

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  05a73f4f5feafa626d45109665b50b8b_JaffaCakes118
- Size
  
  325KB
- MD5
  
  05a73f4f5feafa626d45109665b50b8b
- SHA1
  
  e37c6700712cc0077293e58004d43b335d7f831b
- SHA256
  
  900612605b9a9d556ed3bfad6d9f5d12f1c4344f3ece84f2d949d01f27c4e748
- SHA512
  
  9c56ca946c099f6b28d7095bf8a6aa55d755cea52f5b0f0c41d4ebde96cbdfc402b8beb99217fd2ef2e89e3d5480cceeecba1ba37e4e3614ebd1e5dad6794562
- SSDEEP
  
  6144:RGJGnyy0Gdv0Xlq9qUwfmlCDTqpzsMfFClUNlk8Fz:Rccv6UqUU3TqGqFCJ4
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2