a8c29aba4f4e283f73f016652ea65a84a5b28ba5520d13212cca11b1a25cd5b3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37ff77988933f63254805d8718a3cbe6_JaffaCakes118
Size

290KB
Sample

240711-gx3zfasfpp
MD5

37ff77988933f63254805d8718a3cbe6
SHA1

dd01143128d8daa103a9e4041395132ac056d8f1
SHA256

a8c29aba4f4e283f73f016652ea65a84a5b28ba5520d13212cca11b1a25cd5b3
SHA512

56ea6fa5ee6ca83506f3c90dadee3c89ba3b0c8b6d3a2e8ff0857030185b1d385048438f0bfe94b632b93ba57fdefcb259cfa4d61e37913ff8ef524be3955d78
SSDEEP

6144:rfsqV09Du+Rc9DMQtc9LMojzmx1i68Nb567pkkDvarndYLx3IhpD:jj2C9DGh1wi6A5ephDvIY13QpD

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  37ff77988933f63254805d8718a3cbe6_JaffaCakes118
- Size
  
  290KB
- MD5
  
  37ff77988933f63254805d8718a3cbe6
- SHA1
  
  dd01143128d8daa103a9e4041395132ac056d8f1
- SHA256
  
  a8c29aba4f4e283f73f016652ea65a84a5b28ba5520d13212cca11b1a25cd5b3
- SHA512
  
  56ea6fa5ee6ca83506f3c90dadee3c89ba3b0c8b6d3a2e8ff0857030185b1d385048438f0bfe94b632b93ba57fdefcb259cfa4d61e37913ff8ef524be3955d78
- SSDEEP
  
  6144:rfsqV09Du+Rc9DMQtc9LMojzmx1i68Nb567pkkDvarndYLx3IhpD:jj2C9DGh1wi6A5ephDvIY13QpD
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2