a356ee27bbb4e11aae31bac5b98684358ba4ef5d9b7621e768f0dd0cd317c0da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28feb29c14aa0d793620e23f9fc2269e_JaffaCakes118
Size

192KB
Sample

240706-vzrk3swhjq
MD5

28feb29c14aa0d793620e23f9fc2269e
SHA1

a2c1480b7da11168bffc85e26162fe9bf3935d04
SHA256

a356ee27bbb4e11aae31bac5b98684358ba4ef5d9b7621e768f0dd0cd317c0da
SHA512

a47799b94bf05813fa2a3755e85fbca6f97a6b59197082c9e20d43a41a5dca69ce5682c5de7e6a7094f28e5a8c91c5376818fbec3f977f0ef77aa088287645ed
SSDEEP

3072:aGNFtPwgwfL4CCwPSO1Cq2D2YtkDugUkN/sf:aYptwfL4C67DLEugfN/s

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  28feb29c14aa0d793620e23f9fc2269e_JaffaCakes118
- Size
  
  192KB
- MD5
  
  28feb29c14aa0d793620e23f9fc2269e
- SHA1
  
  a2c1480b7da11168bffc85e26162fe9bf3935d04
- SHA256
  
  a356ee27bbb4e11aae31bac5b98684358ba4ef5d9b7621e768f0dd0cd317c0da
- SHA512
  
  a47799b94bf05813fa2a3755e85fbca6f97a6b59197082c9e20d43a41a5dca69ce5682c5de7e6a7094f28e5a8c91c5376818fbec3f977f0ef77aa088287645ed
- SSDEEP
  
  3072:aGNFtPwgwfL4CCwPSO1Cq2D2YtkDugUkN/sf:aYptwfL4C67DLEugfN/s
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2