4bd13d75a87412b90ccc5246a1a3b4c7cb867a7c31960d3f1f81aacc2c93941d | Triage

Sharing

General

Target

23209e06d16f92e8ee565c539058ca69_JaffaCakes118
Size

373KB
Sample

240703-vh9ekayhmm
MD5

23209e06d16f92e8ee565c539058ca69
SHA1

dfcb7401d0e5ed74c844d34c2183c442592512c0
SHA256

4bd13d75a87412b90ccc5246a1a3b4c7cb867a7c31960d3f1f81aacc2c93941d
SHA512

0ee4cc2d27ff9d3b656ec15ff6c39ecb066f6c0c636b81dde4fd2c34166b5aa322d184326f301a36e90edfcdd31c75ebd0cfc20995b62779835d5e8e37cf83b0
SSDEEP

6144:NLcT0nzQPSqzXX+ydn3nozW5TFYkI4uLZMGLv+xxxxxxxxxxxxxxxxngxxxxxxxL:NgT0zQPRHzdn34y3IbnLGxxxxxxxxxx8

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  23209e06d16f92e8ee565c539058ca69_JaffaCakes118
- Size
  
  373KB
- MD5
  
  23209e06d16f92e8ee565c539058ca69
- SHA1
  
  dfcb7401d0e5ed74c844d34c2183c442592512c0
- SHA256
  
  4bd13d75a87412b90ccc5246a1a3b4c7cb867a7c31960d3f1f81aacc2c93941d
- SHA512
  
  0ee4cc2d27ff9d3b656ec15ff6c39ecb066f6c0c636b81dde4fd2c34166b5aa322d184326f301a36e90edfcdd31c75ebd0cfc20995b62779835d5e8e37cf83b0
- SSDEEP
  
  6144:NLcT0nzQPSqzXX+ydn3nozW5TFYkI4uLZMGLv+xxxxxxxxxxxxxxxxngxxxxxxxL:NgT0zQPRHzdn34y3IbnLGxxxxxxxxxx8
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2