e8e16a717a2b4d388d69d6c1a260eaa09304c1930b0e360caccbe947a0f8962f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32d4838f901851a9dfaf5096e79bf196_JaffaCakes118
Size

107KB
Sample

240710-b5g42syfrn
MD5

32d4838f901851a9dfaf5096e79bf196
SHA1

af3ffe0b007ed1b53a4eef6dc91d1f56e06f7a91
SHA256

e8e16a717a2b4d388d69d6c1a260eaa09304c1930b0e360caccbe947a0f8962f
SHA512

f956d3593a8a88187b5319cb3f6ffd77777236bea24bac4d84fec93f1ad0f96558df4ff548d87371eff6cdaf88672fdda4bedef21e26b8e27983afc7d0e56089
SSDEEP

1536:uPUJcRWV1aBflsE2FuTm6D8ZEIJOLOkZ12NjCGeLdG3Ge8F7dJIA2IGunr6:uPUUGtEZT78EUOPFGeLdG3Gp2Dur6

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  32d4838f901851a9dfaf5096e79bf196_JaffaCakes118
- Size
  
  107KB
- MD5
  
  32d4838f901851a9dfaf5096e79bf196
- SHA1
  
  af3ffe0b007ed1b53a4eef6dc91d1f56e06f7a91
- SHA256
  
  e8e16a717a2b4d388d69d6c1a260eaa09304c1930b0e360caccbe947a0f8962f
- SHA512
  
  f956d3593a8a88187b5319cb3f6ffd77777236bea24bac4d84fec93f1ad0f96558df4ff548d87371eff6cdaf88672fdda4bedef21e26b8e27983afc7d0e56089
- SSDEEP
  
  1536:uPUJcRWV1aBflsE2FuTm6D8ZEIJOLOkZ12NjCGeLdG3Ge8F7dJIA2IGunr6:uPUUGtEZT78EUOPFGeLdG3Gp2Dur6
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2