5fec6885a8a9f3b646d23a4f7e52fa32722e6bc2679fb05b74862b51472eb9ff | Triage

Sharing

General

Target

75df01c1bc915e0a0da7a253543cb252_JaffaCakes118
Size

219KB
Sample

240726-1qlw5azfkg
MD5

75df01c1bc915e0a0da7a253543cb252
SHA1

48ef907bc1ab89d01e25a32cdbc0c0786538ea40
SHA256

5fec6885a8a9f3b646d23a4f7e52fa32722e6bc2679fb05b74862b51472eb9ff
SHA512

bb46d26e3e924aba1ce1f476daf594af807f3e6cc27842cf50bcf968265b4087d985e4475002bec3b3e15f73ec4417974f0656a6f29cc52433f4bf97aadd3996
SSDEEP

6144:90tOVsJiRUjjxrPOXGmsmEWGboSjUiQ54O9K:90tVJiMFuE1HgiQ54f

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  75df01c1bc915e0a0da7a253543cb252_JaffaCakes118
- Size
  
  219KB
- MD5
  
  75df01c1bc915e0a0da7a253543cb252
- SHA1
  
  48ef907bc1ab89d01e25a32cdbc0c0786538ea40
- SHA256
  
  5fec6885a8a9f3b646d23a4f7e52fa32722e6bc2679fb05b74862b51472eb9ff
- SHA512
  
  bb46d26e3e924aba1ce1f476daf594af807f3e6cc27842cf50bcf968265b4087d985e4475002bec3b3e15f73ec4417974f0656a6f29cc52433f4bf97aadd3996
- SSDEEP
  
  6144:90tOVsJiRUjjxrPOXGmsmEWGboSjUiQ54O9K:90tVJiMFuE1HgiQ54f
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2