6cdfa81124d94811e0907a07c6551959ef9864595b730c1c35c14901c9d66036 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

69ab8189fff089a9d24ad5fe2cfeaa73_JaffaCakes118
Size

190KB
Sample

240724-bd3axayeqm
MD5

69ab8189fff089a9d24ad5fe2cfeaa73
SHA1

627a27e550bbbb3525414cca8ae5c3acf5f24cf9
SHA256

6cdfa81124d94811e0907a07c6551959ef9864595b730c1c35c14901c9d66036
SHA512

e301935ea42966fbca8c6f53fdd697a53972698c7dcd106d1d25e91dd35af69837441897a19a9d5f576a71b282762840960822b6d2635dbd5e616ed3a189d499
SSDEEP

3072:/FKEUhm9IpsrEbP3WLK7Xd2DYW8p8/63pwo2PiIIUIBnVTolDUS9NKu:/FyyIqrqWLKjsD96VaIBNADUS9p

Score

7^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  69ab8189fff089a9d24ad5fe2cfeaa73_JaffaCakes118
- Size
  
  190KB
- MD5
  
  69ab8189fff089a9d24ad5fe2cfeaa73
- SHA1
  
  627a27e550bbbb3525414cca8ae5c3acf5f24cf9
- SHA256
  
  6cdfa81124d94811e0907a07c6551959ef9864595b730c1c35c14901c9d66036
- SHA512
  
  e301935ea42966fbca8c6f53fdd697a53972698c7dcd106d1d25e91dd35af69837441897a19a9d5f576a71b282762840960822b6d2635dbd5e616ed3a189d499
- SSDEEP
  
  3072:/FKEUhm9IpsrEbP3WLK7Xd2DYW8p8/63pwo2PiIIUIBnVTolDUS9NKu:/FyyIqrqWLKjsD96VaIBNADUS9p
Score

7^/10

discovery persistence upx
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2