40d28e7b5cc9d6e07d4ed5b51d8f00ffaa4a1fb9a0066be4d7809fcb265e4986 | Triage

Sharing

General

Target

3bb711149502c3a0f3193224cdb2bfa6_JaffaCakes118
Size

296KB
Sample

240712-daefsavhll
MD5

3bb711149502c3a0f3193224cdb2bfa6
SHA1

63f156ffe9fcbeb22484421cd2ae3b77a70d44cf
SHA256

40d28e7b5cc9d6e07d4ed5b51d8f00ffaa4a1fb9a0066be4d7809fcb265e4986
SHA512

9c1fd4f41599338152403bbf536172c545bcd50ede6bba99d7a69c05d04c693d4f02b8514c044cf17b0545a9bab7218f68e3955958f0316fbe206df12ca868d6
SSDEEP

6144:Wq96LzpTw0jTHwOZDoxX55mC7e+ySRIJrcyTft:yX1/THx2X5YzpSRIJrLjt

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3bb711149502c3a0f3193224cdb2bfa6_JaffaCakes118
- Size
  
  296KB
- MD5
  
  3bb711149502c3a0f3193224cdb2bfa6
- SHA1
  
  63f156ffe9fcbeb22484421cd2ae3b77a70d44cf
- SHA256
  
  40d28e7b5cc9d6e07d4ed5b51d8f00ffaa4a1fb9a0066be4d7809fcb265e4986
- SHA512
  
  9c1fd4f41599338152403bbf536172c545bcd50ede6bba99d7a69c05d04c693d4f02b8514c044cf17b0545a9bab7218f68e3955958f0316fbe206df12ca868d6
- SSDEEP
  
  6144:Wq96LzpTw0jTHwOZDoxX55mC7e+ySRIJrcyTft:yX1/THx2X5YzpSRIJrLjt
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2