89d6efff9cfba9ec7efc6d6f3a8e85be954ddb5fc7f92db8235c97dee49ec026 | Triage

Sharing

General

Target

3bf3fad742423726828147bd9dd5b5f8_JaffaCakes118
Size

329KB
Sample

240712-evr32syanq
MD5

3bf3fad742423726828147bd9dd5b5f8
SHA1

ee1dd0c3b9bc6a695a562dc1471ead145e32c3fb
SHA256

89d6efff9cfba9ec7efc6d6f3a8e85be954ddb5fc7f92db8235c97dee49ec026
SHA512

d28841a85980b1de5ec12024bf31783bef52d8ea5ec2f767df8da75043c1d4d61e07d8e00105337b30605ae56cb1615a3f030779d6d0c6e65a0f83bf560077ae
SSDEEP

6144:3tEK7FUgViyUXe2ZsD9eBVtQRlc12iVkIFzy9TLSDoC3FHvKHManP:3awFDiym920jcc1f9e9XS335vHs

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3bf3fad742423726828147bd9dd5b5f8_JaffaCakes118
- Size
  
  329KB
- MD5
  
  3bf3fad742423726828147bd9dd5b5f8
- SHA1
  
  ee1dd0c3b9bc6a695a562dc1471ead145e32c3fb
- SHA256
  
  89d6efff9cfba9ec7efc6d6f3a8e85be954ddb5fc7f92db8235c97dee49ec026
- SHA512
  
  d28841a85980b1de5ec12024bf31783bef52d8ea5ec2f767df8da75043c1d4d61e07d8e00105337b30605ae56cb1615a3f030779d6d0c6e65a0f83bf560077ae
- SSDEEP
  
  6144:3tEK7FUgViyUXe2ZsD9eBVtQRlc12iVkIFzy9TLSDoC3FHvKHManP:3awFDiym920jcc1f9e9XS335vHs
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2