3b51901a22d391214e96306944ba74b046493d4d449ee08783dc8b66fd10502c | Triage

Sharing

General

Target

08b504efe1875b30f7ef6410aef68524_JaffaCakes118
Size

294KB
Sample

240624-qes6ysxcqk
MD5

08b504efe1875b30f7ef6410aef68524
SHA1

4cd1d2b2e2cbafeac611368ceb98530a693637ef
SHA256

3b51901a22d391214e96306944ba74b046493d4d449ee08783dc8b66fd10502c
SHA512

a46a1e1e8d59e42621d11cbe4b91b0d772ad11e1af6d86148c872b44a006abf466ddede3874d65bec302ffd855104e0e2abfd1f8983bf2f75a8c01370c8ef38c
SSDEEP

6144:GgOMMB7FAFJh6ydWE5O9wGajkc9Yw2k+MXZBB8alTRTLs7v:G8q7FAsyD5FGa72NMJBBj3Xs7v

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  08b504efe1875b30f7ef6410aef68524_JaffaCakes118
- Size
  
  294KB
- MD5
  
  08b504efe1875b30f7ef6410aef68524
- SHA1
  
  4cd1d2b2e2cbafeac611368ceb98530a693637ef
- SHA256
  
  3b51901a22d391214e96306944ba74b046493d4d449ee08783dc8b66fd10502c
- SHA512
  
  a46a1e1e8d59e42621d11cbe4b91b0d772ad11e1af6d86148c872b44a006abf466ddede3874d65bec302ffd855104e0e2abfd1f8983bf2f75a8c01370c8ef38c
- SSDEEP
  
  6144:GgOMMB7FAFJh6ydWE5O9wGajkc9Yw2k+MXZBB8alTRTLs7v:G8q7FAsyD5FGa72NMJBBj3Xs7v
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2