69fb6504ffd22dd07b8cd457e71f68900bfd7ebc63d7b845300664c977290c2d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07d1194174001246a367908961fc325a_JaffaCakes118
Size

347KB
Sample

240624-lxjysaweqa
MD5

07d1194174001246a367908961fc325a
SHA1

35ac0e27902fc1192aca11837dd5bdda41124fc3
SHA256

69fb6504ffd22dd07b8cd457e71f68900bfd7ebc63d7b845300664c977290c2d
SHA512

d87c620dd3eeeba027ef6bafa8b02ffa6f957682385d6cd083f43b87906e47b06ab948a6f4e6b2930d4d5ac3ea7f91931fe6d90c64e14ae1423ef4659a6b2f36
SSDEEP

6144:OZzdSNMUWjhGzR06DNBR/dfOGZtTUS/Gj79ovsS8X52azd:O6dRRlfOGZxsj7W02gd

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  07d1194174001246a367908961fc325a_JaffaCakes118
- Size
  
  347KB
- MD5
  
  07d1194174001246a367908961fc325a
- SHA1
  
  35ac0e27902fc1192aca11837dd5bdda41124fc3
- SHA256
  
  69fb6504ffd22dd07b8cd457e71f68900bfd7ebc63d7b845300664c977290c2d
- SHA512
  
  d87c620dd3eeeba027ef6bafa8b02ffa6f957682385d6cd083f43b87906e47b06ab948a6f4e6b2930d4d5ac3ea7f91931fe6d90c64e14ae1423ef4659a6b2f36
- SSDEEP
  
  6144:OZzdSNMUWjhGzR06DNBR/dfOGZtTUS/Gj79ovsS8X52azd:O6dRRlfOGZxsj7W02gd
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2