54c97b3c0c6bfdeedfeb14aad47be62d892af7b0d8d4caafd8c3be2b13347be2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f8c41cfe406b3316a4c024c7e2623c9_JaffaCakes118
Size

356KB
Sample

240713-a57h9s1blg
MD5

3f8c41cfe406b3316a4c024c7e2623c9
SHA1

98988b0d2161995784ae256fcfcf7f538c1a456b
SHA256

54c97b3c0c6bfdeedfeb14aad47be62d892af7b0d8d4caafd8c3be2b13347be2
SHA512

7fbc941393c1075cb21c830cc7a8227121f068bb830a2907bd15a218b45c3d2b83e5ceb8b11e1a3ada41da088a55e8a2403656c1e5b7e8e956c9bca8ca9dabf5
SSDEEP

6144:7vbx8LbhJFmVcse6sJ9Ma9A4qHrbmBID5cvmRfGSDBlVEUC:7ybhJaA39erbme59TO

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3f8c41cfe406b3316a4c024c7e2623c9_JaffaCakes118
- Size
  
  356KB
- MD5
  
  3f8c41cfe406b3316a4c024c7e2623c9
- SHA1
  
  98988b0d2161995784ae256fcfcf7f538c1a456b
- SHA256
  
  54c97b3c0c6bfdeedfeb14aad47be62d892af7b0d8d4caafd8c3be2b13347be2
- SHA512
  
  7fbc941393c1075cb21c830cc7a8227121f068bb830a2907bd15a218b45c3d2b83e5ceb8b11e1a3ada41da088a55e8a2403656c1e5b7e8e956c9bca8ca9dabf5
- SSDEEP
  
  6144:7vbx8LbhJFmVcse6sJ9Ma9A4qHrbmBID5cvmRfGSDBlVEUC:7ybhJaA39erbme59TO
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2