2bd49c6b62ca38b0344694d2172a27ad23b377bc17f922c5ebf95f9918e8fe35 | Triage

Sharing

General

Target

5e7cc93a7f30ca6a6e3829dbd774a849_JaffaCakes118
Size

216KB
Sample

240720-bq5lsstcrg
MD5

5e7cc93a7f30ca6a6e3829dbd774a849
SHA1

161acad5225b771d94658602089a38579d9ea4c9
SHA256

2bd49c6b62ca38b0344694d2172a27ad23b377bc17f922c5ebf95f9918e8fe35
SHA512

c35bd9175eedeef20359035266e52f06f5fdae795c81e9e10b8d49c5409e7fb6134c7c0661366ac84c9d4c0802aa7509d25ab3e1f28b8aca72593c28fa4fe53d
SSDEEP

3072:rjL2putUmpK3H140BJ4IBLLXmpozG63nUM7TRzv7UN7HRTiTBT+RsOqgoE:DOjr3HrQmLDDG63n3vwJxi+Rsr

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  5e7cc93a7f30ca6a6e3829dbd774a849_JaffaCakes118
- Size
  
  216KB
- MD5
  
  5e7cc93a7f30ca6a6e3829dbd774a849
- SHA1
  
  161acad5225b771d94658602089a38579d9ea4c9
- SHA256
  
  2bd49c6b62ca38b0344694d2172a27ad23b377bc17f922c5ebf95f9918e8fe35
- SHA512
  
  c35bd9175eedeef20359035266e52f06f5fdae795c81e9e10b8d49c5409e7fb6134c7c0661366ac84c9d4c0802aa7509d25ab3e1f28b8aca72593c28fa4fe53d
- SSDEEP
  
  3072:rjL2putUmpK3H140BJ4IBLLXmpozG63nUM7TRzv7UN7HRTiTBT+RsOqgoE:DOjr3HrQmLDDG63n3vwJxi+Rsr
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2