1f0f5ca8f51b8f0c56aca6ab6214d0eba89856c7051c490a68a1b0ebbbc1b7d9 | Triage

Sharing

General

Target

0852f99b88f8ce280ca53a8214a2d074_JaffaCakes118
Size

307KB
Sample

240624-nxe1yazgnc
MD5

0852f99b88f8ce280ca53a8214a2d074
SHA1

d4983e49361dc950147b8d4be3da838548460191
SHA256

1f0f5ca8f51b8f0c56aca6ab6214d0eba89856c7051c490a68a1b0ebbbc1b7d9
SHA512

e6be12973845c054afa89aa3170640b4e7727b25fe9119ff8c81d23980f158be5619d73ff33fd884e1c91909ad48d54504c24dd4309bed90ec9c1d5a191b6aa8
SSDEEP

6144:rxYzQ9SEr2I6jBZNp0H8vIz3YX5Sze2wpchpkUJ1HVBh4kHIC:rzSs6j5QTKk9h1HVAC

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  0852f99b88f8ce280ca53a8214a2d074_JaffaCakes118
- Size
  
  307KB
- MD5
  
  0852f99b88f8ce280ca53a8214a2d074
- SHA1
  
  d4983e49361dc950147b8d4be3da838548460191
- SHA256
  
  1f0f5ca8f51b8f0c56aca6ab6214d0eba89856c7051c490a68a1b0ebbbc1b7d9
- SHA512
  
  e6be12973845c054afa89aa3170640b4e7727b25fe9119ff8c81d23980f158be5619d73ff33fd884e1c91909ad48d54504c24dd4309bed90ec9c1d5a191b6aa8
- SSDEEP
  
  6144:rxYzQ9SEr2I6jBZNp0H8vIz3YX5Sze2wpchpkUJ1HVBh4kHIC:rzSs6j5QTKk9h1HVAC
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2