1811676a18080914f8b25792a50f2253b6c54b9f54eb35abe6bfab50c5fa72d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6eef31ce6c5d5b0c8da435e308875291_JaffaCakes118
Size

356KB
Sample

240725-kzzlkssfkb
MD5

6eef31ce6c5d5b0c8da435e308875291
SHA1

45ed6c062faf8aef2dd3cb1d5b204e0ea4072a6c
SHA256

1811676a18080914f8b25792a50f2253b6c54b9f54eb35abe6bfab50c5fa72d5
SHA512

63d778f514199a978615beefa749c867d55a4360d818e0c6bf0a6123cbef251168b316fb552224e0d985a7f0765da4713d2aa1688a9f38ad5a9d2881f507fba1
SSDEEP

3072:7vboV83s5AbCorUE8lXMWCs4dmmQFI2MlouGW3dzL8ipq32RKODNsLendWy6ilRb:7vbx8CrUBF4dmmcIBX9tzwZOgenQauW

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  6eef31ce6c5d5b0c8da435e308875291_JaffaCakes118
- Size
  
  356KB
- MD5
  
  6eef31ce6c5d5b0c8da435e308875291
- SHA1
  
  45ed6c062faf8aef2dd3cb1d5b204e0ea4072a6c
- SHA256
  
  1811676a18080914f8b25792a50f2253b6c54b9f54eb35abe6bfab50c5fa72d5
- SHA512
  
  63d778f514199a978615beefa749c867d55a4360d818e0c6bf0a6123cbef251168b316fb552224e0d985a7f0765da4713d2aa1688a9f38ad5a9d2881f507fba1
- SSDEEP
  
  3072:7vboV83s5AbCorUE8lXMWCs4dmmQFI2MlouGW3dzL8ipq32RKODNsLendWy6ilRb:7vbx8CrUBF4dmmcIBX9tzwZOgenQauW
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence