c2825227ad839c4b4a5b881cb27c9fcae1cd321d07401b4bd067fe8e3d84b6da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

168359cb107f0a683cc3b6cc9ad3bd33_JaffaCakes118
Size

329KB
Sample

240627-stnacszdnn
MD5

168359cb107f0a683cc3b6cc9ad3bd33
SHA1

dfa76d77846020954a103cdd464035cd352c6b3e
SHA256

c2825227ad839c4b4a5b881cb27c9fcae1cd321d07401b4bd067fe8e3d84b6da
SHA512

01fbc932cb0113e56a0932f0f4311a7396b920bb757b7e0e214b81831233a086656bb6aec72639793f9af15509d9a105835667753344fb9edc836207b1ce3f0c
SSDEEP

6144:qtEq7FUg/iyUXe2ZsD9eBVtQRlc12iVkIFzt9TLSDoC3FHvKHM6nfT:qaQFRiym920jcc1f9x9XS335vH0

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  168359cb107f0a683cc3b6cc9ad3bd33_JaffaCakes118
- Size
  
  329KB
- MD5
  
  168359cb107f0a683cc3b6cc9ad3bd33
- SHA1
  
  dfa76d77846020954a103cdd464035cd352c6b3e
- SHA256
  
  c2825227ad839c4b4a5b881cb27c9fcae1cd321d07401b4bd067fe8e3d84b6da
- SHA512
  
  01fbc932cb0113e56a0932f0f4311a7396b920bb757b7e0e214b81831233a086656bb6aec72639793f9af15509d9a105835667753344fb9edc836207b1ce3f0c
- SSDEEP
  
  6144:qtEq7FUg/iyUXe2ZsD9eBVtQRlc12iVkIFzt9TLSDoC3FHvKHM6nfT:qaQFRiym920jcc1f9x9XS335vH0
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2