2b390d8f3d2320be2a5ddee8263fd0101e3ed5d8a3bd440d43285c8571dfd54d | Triage

Sharing

General

Target

1ba8b7ae6aadf166732aeb9fbb8f5dcc_JaffaCakes118
Size

715KB
Sample

240701-rv8r1szgpp
MD5

1ba8b7ae6aadf166732aeb9fbb8f5dcc
SHA1

4a94b6ceec683657f1b46c1ac9d9ca26a1cd4404
SHA256

2b390d8f3d2320be2a5ddee8263fd0101e3ed5d8a3bd440d43285c8571dfd54d
SHA512

00df4f3d3a2036831facf6def0c9ef2a07c7edc081d85facd94e52dc027405d7a893e762c00b147c5ba1a11aa1e60c81760c018d8de98be99b68744760e05c24
SSDEEP

12288:gEPNwDwRqkEBcbeJRFjGBPzU429S7dpJ5KkPqQGHSz3Vt69Gn3gaxXeAJP2+8YR:ggwcQiciBwyj5z32I92s

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1ba8b7ae6aadf166732aeb9fbb8f5dcc_JaffaCakes118
- Size
  
  715KB
- MD5
  
  1ba8b7ae6aadf166732aeb9fbb8f5dcc
- SHA1
  
  4a94b6ceec683657f1b46c1ac9d9ca26a1cd4404
- SHA256
  
  2b390d8f3d2320be2a5ddee8263fd0101e3ed5d8a3bd440d43285c8571dfd54d
- SHA512
  
  00df4f3d3a2036831facf6def0c9ef2a07c7edc081d85facd94e52dc027405d7a893e762c00b147c5ba1a11aa1e60c81760c018d8de98be99b68744760e05c24
- SSDEEP
  
  12288:gEPNwDwRqkEBcbeJRFjGBPzU429S7dpJ5KkPqQGHSz3Vt69Gn3gaxXeAJP2+8YR:ggwcQiciBwyj5z32I92s
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2