82f5bc70c78522be64c4d3c3f6c9560cea4f126f505c51df570b8f7bba5fe8a1 | Triage

Sharing

General

Target

362b00f54bb4cc3c27ef7b5c07db5754_JaffaCakes118
Size

298KB
Sample

240710-yqwp8axcnn
MD5

362b00f54bb4cc3c27ef7b5c07db5754
SHA1

427efcfe3f9d156f9495119e4623fb060f4f4c54
SHA256

82f5bc70c78522be64c4d3c3f6c9560cea4f126f505c51df570b8f7bba5fe8a1
SHA512

7d209bf1cabcd6f0b04899a22d093eacfb17dd514c99f12334f28f6704ea72cb83e1fe4be31e58f1e925479b8d0925b471898c1c63f8efd3ef4ef9d41d4f4db9
SSDEEP

6144:F0+N1v3AwzqEybL8eUeiqLnFHXua12BM6SZMIE+YqJ/Crk:aS1AXJ8eXLwo6MC+YqJ/ik

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  362b00f54bb4cc3c27ef7b5c07db5754_JaffaCakes118
- Size
  
  298KB
- MD5
  
  362b00f54bb4cc3c27ef7b5c07db5754
- SHA1
  
  427efcfe3f9d156f9495119e4623fb060f4f4c54
- SHA256
  
  82f5bc70c78522be64c4d3c3f6c9560cea4f126f505c51df570b8f7bba5fe8a1
- SHA512
  
  7d209bf1cabcd6f0b04899a22d093eacfb17dd514c99f12334f28f6704ea72cb83e1fe4be31e58f1e925479b8d0925b471898c1c63f8efd3ef4ef9d41d4f4db9
- SSDEEP
  
  6144:F0+N1v3AwzqEybL8eUeiqLnFHXua12BM6SZMIE+YqJ/Crk:aS1AXJ8eXLwo6MC+YqJ/ik
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2