7cde9e943ccb34ba232705e6e58b5a08fadcef484b869317cfaf5c64749c1147 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e8d1dd47abffe08ffd2e20bacb5f144_JaffaCakes118
Size

255KB
Sample

240720-b46e9a1bnk
MD5

5e8d1dd47abffe08ffd2e20bacb5f144
SHA1

f47ed8782632917c159244f4579ebe539334025d
SHA256

7cde9e943ccb34ba232705e6e58b5a08fadcef484b869317cfaf5c64749c1147
SHA512

05b90e2f66c080a253fb217b8a641d2bf404ffb97963a8a78e80d96bd17abb6d10caf4c7cc37d5854af3dc6e5ba9e8641a96d1b1a5e2d122fada94d36fd0fc88
SSDEEP

6144:kWGYygjG1fsGMLxfjVM2bvMXGCBLgbanEqZNAzL26a/aDZ:k0yAjN1i2bvCLY6NA31t

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Pagamento.Pdf_______________________________________________________________________.exe
- Size
  
  297KB
- MD5
  
  55f6dfa952701c0152e054dbe3d0882c
- SHA1
  
  3d4d2a6b001ef4c0b14fb4815c3314bd07ba90d5
- SHA256
  
  78d3b686d7b4411c921c3eb4f2f99a8b78841d19790877d6870c92fcd9a598c7
- SHA512
  
  bb0b1aa3522b2d61f5dfaf42e2164c492a45e001222bb791887478f84ad587929cf1b3c06ec5b5c7836698160c1c78d11fd2bd145d17df522972a9659ac2f703
- SSDEEP
  
  6144:+2DB0qyd3oxcdzsjcufgM7e3lSQtt0PoOKEtq70uHRinFBqLTabu02ZyzLD:9DGu+sjcufWlvooOKEtY/xUBqLSx2ZyD
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2