215e964d4b2dc856e16bd01b48c866fcfdad19bd15d526056a99c79e98aeff10 | Triage

Sharing

General

Target

3b2e5624c9cd4b8bc14aaff30f702de5_JaffaCakes118
Size

364KB
Sample

240711-3ptlpasaqe
MD5

3b2e5624c9cd4b8bc14aaff30f702de5
SHA1

3ddcd165b287d301308ad56ea830b382ac2939a3
SHA256

215e964d4b2dc856e16bd01b48c866fcfdad19bd15d526056a99c79e98aeff10
SHA512

ed79a5da171b65c02d35916e8c751d0f037ebba5e8e6c922dd3a77d2bb99c236df74e0622a48ed3385b2d63c835e403c345ee9a23832a2503ffa66f3d9725e60
SSDEEP

6144:ubCdhdyzFFMIX0zE9NKFEWNFfK4CS0NwIq2+fFBFFrki8:umdzWMIXxcXNkjNqZf1FrI

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3b2e5624c9cd4b8bc14aaff30f702de5_JaffaCakes118
- Size
  
  364KB
- MD5
  
  3b2e5624c9cd4b8bc14aaff30f702de5
- SHA1
  
  3ddcd165b287d301308ad56ea830b382ac2939a3
- SHA256
  
  215e964d4b2dc856e16bd01b48c866fcfdad19bd15d526056a99c79e98aeff10
- SHA512
  
  ed79a5da171b65c02d35916e8c751d0f037ebba5e8e6c922dd3a77d2bb99c236df74e0622a48ed3385b2d63c835e403c345ee9a23832a2503ffa66f3d9725e60
- SSDEEP
  
  6144:ubCdhdyzFFMIX0zE9NKFEWNFfK4CS0NwIq2+fFBFFrki8:umdzWMIXxcXNkjNqZf1FrI
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2