36927e7104d99ee422c43ba14d7c4d973961f902e0156659b997111189bb4bf7 | Triage

Sharing

General

Target

48b4afdf7858765829821b31438b8038_JaffaCakes118
Size

290KB
Sample

240715-hrrjwswhnh
MD5

48b4afdf7858765829821b31438b8038
SHA1

30b5e8d185ac21bb8d19dd43151f7dd257a9f3cc
SHA256

36927e7104d99ee422c43ba14d7c4d973961f902e0156659b997111189bb4bf7
SHA512

99c3c1e3c9b9eb22f968064faab86a78fec8dbee831a5b04fdc0d940951d618e3106db88ad118458cead1ad844faee6b75884a0c770e666f5632b850944e8461
SSDEEP

6144:FXdlvdqWLqOKp/B5RyaynzgvGq6JhW71Qgtm0DTgJvj:FXd/zL0/B5YzFHCtmH

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  48b4afdf7858765829821b31438b8038_JaffaCakes118
- Size
  
  290KB
- MD5
  
  48b4afdf7858765829821b31438b8038
- SHA1
  
  30b5e8d185ac21bb8d19dd43151f7dd257a9f3cc
- SHA256
  
  36927e7104d99ee422c43ba14d7c4d973961f902e0156659b997111189bb4bf7
- SHA512
  
  99c3c1e3c9b9eb22f968064faab86a78fec8dbee831a5b04fdc0d940951d618e3106db88ad118458cead1ad844faee6b75884a0c770e666f5632b850944e8461
- SSDEEP
  
  6144:FXdlvdqWLqOKp/B5RyaynzgvGq6JhW71Qgtm0DTgJvj:FXd/zL0/B5YzFHCtmH
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2