ea874f65283912aa36339ea4480e91a4efbd55f2beec0d67e0f6b8fa152335c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f51f583066eb79099e53d1b08d76094_JaffaCakes118
Size

243KB
Sample

240725-m9arbaybjg
MD5

6f51f583066eb79099e53d1b08d76094
SHA1

74f21aba4e3a1055399e2919dc34906ba253709f
SHA256

ea874f65283912aa36339ea4480e91a4efbd55f2beec0d67e0f6b8fa152335c1
SHA512

7df952fcc8193efcdd04dbdd9243f97d77b7608b02370f4bb7a5dd5325f7040ed6a3871079f1b326a63baf6e3cb7d184ebfa73fade75e74ec65b8ff60fff5377
SSDEEP

3072:6JtvKdWp+rrcw9R4918ky6FNWw21/acZvycoogcdEncUz80+Iumicri149:v80rx9u3ZcZvycYcg80+6

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  6f51f583066eb79099e53d1b08d76094_JaffaCakes118
- Size
  
  243KB
- MD5
  
  6f51f583066eb79099e53d1b08d76094
- SHA1
  
  74f21aba4e3a1055399e2919dc34906ba253709f
- SHA256
  
  ea874f65283912aa36339ea4480e91a4efbd55f2beec0d67e0f6b8fa152335c1
- SHA512
  
  7df952fcc8193efcdd04dbdd9243f97d77b7608b02370f4bb7a5dd5325f7040ed6a3871079f1b326a63baf6e3cb7d184ebfa73fade75e74ec65b8ff60fff5377
- SSDEEP
  
  3072:6JtvKdWp+rrcw9R4918ky6FNWw21/acZvycoogcdEncUz80+Iumicri149:v80rx9u3ZcZvycYcg80+6
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence