27c99460ad064b2e1a29a9cd36ecc4248eed4135c9bfd82c7e291c1f4e70f189 | Triage

Sharing

General

Target

481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118
Size

327KB
Sample

240715-eazmdsyhlg
MD5

481408c4867a7f1de4f6d94ea2f93a4a
SHA1

3d397a311c129584510fa0cc860387a958cca99c
SHA256

27c99460ad064b2e1a29a9cd36ecc4248eed4135c9bfd82c7e291c1f4e70f189
SHA512

656861add7e61250618a17737a71986f785e8a803d5d2cda062a673b711c73c5984cb73a6db026c22dc0dc4b51c23d33129c94552d557a1cac4ef25a6feadfa4
SSDEEP

6144:1HSPog8gW5zJ+W1PQGXDjIzME28wfbThH3LLsih0X5zTPaNncw1PhHM2eC:1Hcf7W5j1tjIIvVfb53LYjFTPaNcGHMe

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  481408c4867a7f1de4f6d94ea2f93a4a_JaffaCakes118
- Size
  
  327KB
- MD5
  
  481408c4867a7f1de4f6d94ea2f93a4a
- SHA1
  
  3d397a311c129584510fa0cc860387a958cca99c
- SHA256
  
  27c99460ad064b2e1a29a9cd36ecc4248eed4135c9bfd82c7e291c1f4e70f189
- SHA512
  
  656861add7e61250618a17737a71986f785e8a803d5d2cda062a673b711c73c5984cb73a6db026c22dc0dc4b51c23d33129c94552d557a1cac4ef25a6feadfa4
- SSDEEP
  
  6144:1HSPog8gW5zJ+W1PQGXDjIzME28wfbThH3LLsih0X5zTPaNncw1PhHM2eC:1Hcf7W5j1tjIIvVfb53LYjFTPaNcGHMe
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2