dc903ba1771754ff3e1f767ebcbc20734e8955924a10c1a5913925e5d4bf5ba7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3979e5c30375da83f0e15f15a00a655a_JaffaCakes118
Size

307KB
Sample

240711-rlv5kascrb
MD5

3979e5c30375da83f0e15f15a00a655a
SHA1

3856e5117bb7cbf02e25830ef0c76857b3fff35e
SHA256

dc903ba1771754ff3e1f767ebcbc20734e8955924a10c1a5913925e5d4bf5ba7
SHA512

d47081c2e8a728622bff13ef04606adcb07c54ad364feafcf1c9e615d184188d1efd5d139fbb790d4211ec09ce4475791443edf96902311e9e72ca0202b8e72e
SSDEEP

6144:2qzvT72Y0SrzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOvPECYeixlYGicJBo:2Cr7SSCYsY1UMqMZJYSN7wbstOv8fveX

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3979e5c30375da83f0e15f15a00a655a_JaffaCakes118
- Size
  
  307KB
- MD5
  
  3979e5c30375da83f0e15f15a00a655a
- SHA1
  
  3856e5117bb7cbf02e25830ef0c76857b3fff35e
- SHA256
  
  dc903ba1771754ff3e1f767ebcbc20734e8955924a10c1a5913925e5d4bf5ba7
- SHA512
  
  d47081c2e8a728622bff13ef04606adcb07c54ad364feafcf1c9e615d184188d1efd5d139fbb790d4211ec09ce4475791443edf96902311e9e72ca0202b8e72e
- SSDEEP
  
  6144:2qzvT72Y0SrzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOvPECYeixlYGicJBo:2Cr7SSCYsY1UMqMZJYSN7wbstOv8fveX
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2