6e0a506508a76afa2e312c188fdd7c7b53d1f0e60e950be6394aa5dd3cd94118 | Triage

Sharing

General

Target

1b809145405f7d103ebfe176ef50838d_JaffaCakes118
Size

324KB
Sample

240701-qxsyxavbke
MD5

1b809145405f7d103ebfe176ef50838d
SHA1

0bf2722e8099b1cbbed95261e58dd12709a53303
SHA256

6e0a506508a76afa2e312c188fdd7c7b53d1f0e60e950be6394aa5dd3cd94118
SHA512

d9dfff62eecc2e28dbdaef56dff13e7d496fd76e4684149a6dbc2dd08f6f99537617628241f0a28f41fc1a6caa48b217a94f9acaf1361f5ac22099940259b72d
SSDEEP

6144:guTvtvjzxpOd90IzWCRow1W0y1KX6FiqL17J8:Lvtv3xpOd/KCRoP06KX6/17i

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  1b809145405f7d103ebfe176ef50838d_JaffaCakes118
- Size
  
  324KB
- MD5
  
  1b809145405f7d103ebfe176ef50838d
- SHA1
  
  0bf2722e8099b1cbbed95261e58dd12709a53303
- SHA256
  
  6e0a506508a76afa2e312c188fdd7c7b53d1f0e60e950be6394aa5dd3cd94118
- SHA512
  
  d9dfff62eecc2e28dbdaef56dff13e7d496fd76e4684149a6dbc2dd08f6f99537617628241f0a28f41fc1a6caa48b217a94f9acaf1361f5ac22099940259b72d
- SSDEEP
  
  6144:guTvtvjzxpOd90IzWCRow1W0y1KX6FiqL17J8:Lvtv3xpOd/KCRoP06KX6/17i
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2