ae954ef2931f92abdeb85b7365596057ecf9182e55a116740ad3c899bf1dbec7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42979177919a77c27bbb42b4f5864d24_JaffaCakes118
Size

269KB
Sample

240713-vn1plszcjq
MD5

42979177919a77c27bbb42b4f5864d24
SHA1

821e43aad95c7ae5dc76ef1b4c627b5c2abbf81c
SHA256

ae954ef2931f92abdeb85b7365596057ecf9182e55a116740ad3c899bf1dbec7
SHA512

6d44a28d4a6e0090baddc89721567602a5c4bc567a1392e45c2933ce672f71e548d42e48ff6d5a506694ec333b685dd324d4a7ce5a60fb246373a68ed3335619
SSDEEP

6144:0SAarouH67h92+bv9HMu96f9N0omr2lzyjy2FJXXT3Kz:0SAaroHL2+blHLQf9lmr2lN2rT

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  42979177919a77c27bbb42b4f5864d24_JaffaCakes118
- Size
  
  269KB
- MD5
  
  42979177919a77c27bbb42b4f5864d24
- SHA1
  
  821e43aad95c7ae5dc76ef1b4c627b5c2abbf81c
- SHA256
  
  ae954ef2931f92abdeb85b7365596057ecf9182e55a116740ad3c899bf1dbec7
- SHA512
  
  6d44a28d4a6e0090baddc89721567602a5c4bc567a1392e45c2933ce672f71e548d42e48ff6d5a506694ec333b685dd324d4a7ce5a60fb246373a68ed3335619
- SSDEEP
  
  6144:0SAarouH67h92+bv9HMu96f9N0omr2lzyjy2FJXXT3Kz:0SAaroHL2+blHLQf9lmr2lN2rT
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2