ce623a8ce86894026bf949319f52f4db971e15676e8ae5a641671f7c47b623e0 | Triage

Sharing

General

Target

70779a63e51a394f72f2d48e8601b2c9_JaffaCakes118
Size

32KB
Sample

240725-vj3neasgkn
MD5

70779a63e51a394f72f2d48e8601b2c9
SHA1

210b624ee34d78779db6af8e431320df54a9e086
SHA256

ce623a8ce86894026bf949319f52f4db971e15676e8ae5a641671f7c47b623e0
SHA512

04fb4f31e32b2eb915b181e3e5622157bb755b63a165f22eb065167d81a7d152e6405fdac7f1def064d17896da37a59c03da05f0affebb266009c6a3ecb8f623
SSDEEP

768:UK6mSyuFymRvBIG/4VVV8/FgaKQZV+eX5eQThzMD+/:UK6m+yUCO73ZVJJ0+/

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  70779a63e51a394f72f2d48e8601b2c9_JaffaCakes118
- Size
  
  32KB
- MD5
  
  70779a63e51a394f72f2d48e8601b2c9
- SHA1
  
  210b624ee34d78779db6af8e431320df54a9e086
- SHA256
  
  ce623a8ce86894026bf949319f52f4db971e15676e8ae5a641671f7c47b623e0
- SHA512
  
  04fb4f31e32b2eb915b181e3e5622157bb755b63a165f22eb065167d81a7d152e6405fdac7f1def064d17896da37a59c03da05f0affebb266009c6a3ecb8f623
- SSDEEP
  
  768:UK6mSyuFymRvBIG/4VVV8/FgaKQZV+eX5eQThzMD+/:UK6m+yUCO73ZVJJ0+/
Score

8^/10

discovery evasion persistence
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence