cae096ca764be6ac33896daaac5d26eacb48332c145ef8f086c0a98b1b6774a7 | Triage

Sharing

General

Target

1b249bde07c73f6df501d41c165fe43d_JaffaCakes118
Size

368KB
Sample

240701-nqtwhszaja
MD5

1b249bde07c73f6df501d41c165fe43d
SHA1

21a53228f06138bc2e22d73c061f3db923db5532
SHA256

cae096ca764be6ac33896daaac5d26eacb48332c145ef8f086c0a98b1b6774a7
SHA512

6ef73f3968dcb108abf2593ee39c51cacf7d20680a32df94d58e09dfb7120cfb73a39787df1a9bd3427ab346307529f0d9ffb5169f8f2b1b65e5a96fde9245b0
SSDEEP

6144:svKTFDKKX3DvcXvRe0UUdtuNObc/6e1X2llEBsvtQ71BlJ:cqTsed1N3NX2Hvw

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  1b249bde07c73f6df501d41c165fe43d_JaffaCakes118
- Size
  
  368KB
- MD5
  
  1b249bde07c73f6df501d41c165fe43d
- SHA1
  
  21a53228f06138bc2e22d73c061f3db923db5532
- SHA256
  
  cae096ca764be6ac33896daaac5d26eacb48332c145ef8f086c0a98b1b6774a7
- SHA512
  
  6ef73f3968dcb108abf2593ee39c51cacf7d20680a32df94d58e09dfb7120cfb73a39787df1a9bd3427ab346307529f0d9ffb5169f8f2b1b65e5a96fde9245b0
- SSDEEP
  
  6144:svKTFDKKX3DvcXvRe0UUdtuNObc/6e1X2llEBsvtQ71BlJ:cqTsed1N3NX2Hvw
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2