7cc63f0d42487ed301de77481fe896f93be281fe9e43d485a6b66251587050de | Triage

Sharing

General

Target

0830238d0c569284c42bd0753f8fb3d5_JaffaCakes118
Size

361KB
Sample

240624-ndek3asgll
MD5

0830238d0c569284c42bd0753f8fb3d5
SHA1

55d1e78303e9b914628df9ccc2c4d51085acd957
SHA256

7cc63f0d42487ed301de77481fe896f93be281fe9e43d485a6b66251587050de
SHA512

e46e21ad844cceaf70597673ed343dc59aa6d0d2f6b8babbbbca0614e3e8f8e91cdd97fc5878285eefbb3d7787ca31ac04bc99e392570feacf875913536999b1
SSDEEP

6144:+867Jmm4lnW2PRTTC0VRNhP+WsnxiP8Auom:+5P4IWBhVPnsno8rF

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  0830238d0c569284c42bd0753f8fb3d5_JaffaCakes118
- Size
  
  361KB
- MD5
  
  0830238d0c569284c42bd0753f8fb3d5
- SHA1
  
  55d1e78303e9b914628df9ccc2c4d51085acd957
- SHA256
  
  7cc63f0d42487ed301de77481fe896f93be281fe9e43d485a6b66251587050de
- SHA512
  
  e46e21ad844cceaf70597673ed343dc59aa6d0d2f6b8babbbbca0614e3e8f8e91cdd97fc5878285eefbb3d7787ca31ac04bc99e392570feacf875913536999b1
- SSDEEP
  
  6144:+867Jmm4lnW2PRTTC0VRNhP+WsnxiP8Auom:+5P4IWBhVPnsno8rF
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2