1964432ca1af473893d804ca11c746f611eb1a1854efab16dc20eeb6a297ebe2 | Triage

Sharing

General

Target

1c4432e4819d40ee50ec3e257016b3fa_JaffaCakes118
Size

700KB
Sample

240701-yehdfswblf
MD5

1c4432e4819d40ee50ec3e257016b3fa
SHA1

d550295bcd5d52d580ea8e0688f37bd5c5b4e0a8
SHA256

1964432ca1af473893d804ca11c746f611eb1a1854efab16dc20eeb6a297ebe2
SHA512

e93e0e6957aabef915e7a1ba0e375a1b42dec203872875da88eccd096e6f5863e03ab3dd2dcdb7dbc0253a1866c108052c127d5c25e0733b27205c172b0c440f
SSDEEP

12288:5gXuycBnb0uafX0iKM1wIOXSTfP9/v1QL8lpKB:5gfcBnLGBOizPxvGolpO

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1c4432e4819d40ee50ec3e257016b3fa_JaffaCakes118
- Size
  
  700KB
- MD5
  
  1c4432e4819d40ee50ec3e257016b3fa
- SHA1
  
  d550295bcd5d52d580ea8e0688f37bd5c5b4e0a8
- SHA256
  
  1964432ca1af473893d804ca11c746f611eb1a1854efab16dc20eeb6a297ebe2
- SHA512
  
  e93e0e6957aabef915e7a1ba0e375a1b42dec203872875da88eccd096e6f5863e03ab3dd2dcdb7dbc0253a1866c108052c127d5c25e0733b27205c172b0c440f
- SSDEEP
  
  12288:5gXuycBnb0uafX0iKM1wIOXSTfP9/v1QL8lpKB:5gfcBnLGBOizPxvGolpO
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence