efd6afacdcb5ab5324b292f57030150a730b0faa778b693d5a8d51e5be266235 | Triage

Sharing

General

Target

68d8877751499e56bb32f0adc3be8ef7_JaffaCakes118
Size

41KB
Sample

240723-zfh7taxdlq
MD5

68d8877751499e56bb32f0adc3be8ef7
SHA1

41f6a1ae676dc1533691a9b0ccb54e63232bfdd4
SHA256

efd6afacdcb5ab5324b292f57030150a730b0faa778b693d5a8d51e5be266235
SHA512

133cad7fa6f89cff591449b85fb739ff3e494a7f86f5f3b4d428923bd26c7fbf00870ccc45c6d9e14e5097150423d77d763c7d670cc005e83f27f64f26f4a84a
SSDEEP

768:Y5qiEdRL4oVmB5QSdIcGnf7ngRJqFbyVfm4LF1Y232WDQsz/b7XTY:YCrLBbbgSbyA4y2m9w/b7M

Score

8^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  68d8877751499e56bb32f0adc3be8ef7_JaffaCakes118
- Size
  
  41KB
- MD5
  
  68d8877751499e56bb32f0adc3be8ef7
- SHA1
  
  41f6a1ae676dc1533691a9b0ccb54e63232bfdd4
- SHA256
  
  efd6afacdcb5ab5324b292f57030150a730b0faa778b693d5a8d51e5be266235
- SHA512
  
  133cad7fa6f89cff591449b85fb739ff3e494a7f86f5f3b4d428923bd26c7fbf00870ccc45c6d9e14e5097150423d77d763c7d670cc005e83f27f64f26f4a84a
- SSDEEP
  
  768:Y5qiEdRL4oVmB5QSdIcGnf7ngRJqFbyVfm4LF1Y232WDQsz/b7XTY:YCrLBbbgSbyA4y2m9w/b7M
Score

8^/10

defense_evasion discovery
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery