461bc6ec70f4ff311bf48212a4f4bdf89992df6d852dcbda7c298516350bd0e4 | Triage

Sharing

General

Target

26fd6c92e3a674b0867a61fe0ae6ce9c_JaffaCakes118
Size

124KB
Sample

240705-sggl2s1ajj
MD5

26fd6c92e3a674b0867a61fe0ae6ce9c
SHA1

fd33c20f398251632db5ecc896aaf47254429c5f
SHA256

461bc6ec70f4ff311bf48212a4f4bdf89992df6d852dcbda7c298516350bd0e4
SHA512

ff03e5767d4f2ed7119e572503a99c3bd63bb51cf112b873901df955e3a9fb86b7f9d071b28258825de1846d0015af4bea1f9b1815c8a6d04130216a66a1eb17
SSDEEP

768:F40vn8Soqg/Y6YQXNvP6znrwN3m1zty1IhB+j4pt8DtWKVKnpRKwRMGK2iLI+8Sp:d7oqg/YPQgzkKiIhk8pt84baUK2iM9S

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  26fd6c92e3a674b0867a61fe0ae6ce9c_JaffaCakes118
- Size
  
  124KB
- MD5
  
  26fd6c92e3a674b0867a61fe0ae6ce9c
- SHA1
  
  fd33c20f398251632db5ecc896aaf47254429c5f
- SHA256
  
  461bc6ec70f4ff311bf48212a4f4bdf89992df6d852dcbda7c298516350bd0e4
- SHA512
  
  ff03e5767d4f2ed7119e572503a99c3bd63bb51cf112b873901df955e3a9fb86b7f9d071b28258825de1846d0015af4bea1f9b1815c8a6d04130216a66a1eb17
- SSDEEP
  
  768:F40vn8Soqg/Y6YQXNvP6znrwN3m1zty1IhB+j4pt8DtWKVKnpRKwRMGK2iLI+8Sp:d7oqg/YPQgzkKiIhk8pt84baUK2iM9S
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2