6b0796316c45cb70191085eb70dcd8e754d9badc80aafd0eada1433fd7e596d1 | Triage

Sharing

General

Target

6a0425934a918fcfa96f4c0ed0e6fc7f_JaffaCakes118
Size

380KB
Sample

240724-djrsgavclr
MD5

6a0425934a918fcfa96f4c0ed0e6fc7f
SHA1

034c5b1d9a1685585424415029573a2de96a3a73
SHA256

6b0796316c45cb70191085eb70dcd8e754d9badc80aafd0eada1433fd7e596d1
SHA512

695cb89f10c9d0fcf815822b9ba72d9c59f9265d223bdba38f139e067a1cfeef64fa35f6f1df155110d61cb6c440ad65c0499b507cbded0c6603bf8b6d7e8a07
SSDEEP

6144:d1qjtXyHz9moAupI8nchJm8EroL3iZBxjGWsQmeFoI0MEODQ:ujAZPfGGs66ymeFoX

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  6a0425934a918fcfa96f4c0ed0e6fc7f_JaffaCakes118
- Size
  
  380KB
- MD5
  
  6a0425934a918fcfa96f4c0ed0e6fc7f
- SHA1
  
  034c5b1d9a1685585424415029573a2de96a3a73
- SHA256
  
  6b0796316c45cb70191085eb70dcd8e754d9badc80aafd0eada1433fd7e596d1
- SHA512
  
  695cb89f10c9d0fcf815822b9ba72d9c59f9265d223bdba38f139e067a1cfeef64fa35f6f1df155110d61cb6c440ad65c0499b507cbded0c6603bf8b6d7e8a07
- SSDEEP
  
  6144:d1qjtXyHz9moAupI8nchJm8EroL3iZBxjGWsQmeFoI0MEODQ:ujAZPfGGs66ymeFoX
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2