7910b7ea31d604fbbfe578a943d402b69f26f41b0c4a4070982509f1617ca5c7 | Triage

Sharing

General

Target

2201d6e11a8a3ba0d84e24d91af642d7_JaffaCakes118
Size

374KB
Sample

240703-men1fsxglg
MD5

2201d6e11a8a3ba0d84e24d91af642d7
SHA1

d21f9a9a5b880cfe37d189128c9e021b57850db4
SHA256

7910b7ea31d604fbbfe578a943d402b69f26f41b0c4a4070982509f1617ca5c7
SHA512

4d789a2ae43e5e204cb7390a24d73f728bb9a7a5ac6823d9e5c9d2d105172874343f531a6164e016ec7e7dee2c734efaea54111d3dc65364dd88334709424f0b
SSDEEP

6144:uAXnN5hW63cPkLCWp+kxLaazQ/rJ6aQ/URPERT2ElYRktprr5tk:uA95ht3cPkLXp+k5bzQ/V6a/h4eur/k

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2201d6e11a8a3ba0d84e24d91af642d7_JaffaCakes118
- Size
  
  374KB
- MD5
  
  2201d6e11a8a3ba0d84e24d91af642d7
- SHA1
  
  d21f9a9a5b880cfe37d189128c9e021b57850db4
- SHA256
  
  7910b7ea31d604fbbfe578a943d402b69f26f41b0c4a4070982509f1617ca5c7
- SHA512
  
  4d789a2ae43e5e204cb7390a24d73f728bb9a7a5ac6823d9e5c9d2d105172874343f531a6164e016ec7e7dee2c734efaea54111d3dc65364dd88334709424f0b
- SSDEEP
  
  6144:uAXnN5hW63cPkLCWp+kxLaazQ/rJ6aQ/URPERT2ElYRktprr5tk:uA95ht3cPkLXp+k5bzQ/V6a/h4eur/k
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2