10fb63994dac7512ae509beb1a2bdaf4084515c249e97f6f831427128929605f | Triage

Sharing

General

Target

7572b0b4a5d4ee41cb1230ca22244d2b_JaffaCakes118
Size

296KB
Sample

240726-yewk3stdpb
MD5

7572b0b4a5d4ee41cb1230ca22244d2b
SHA1

1b0250e660f46e2da5a9fec0ff0ec1c41fc26c47
SHA256

10fb63994dac7512ae509beb1a2bdaf4084515c249e97f6f831427128929605f
SHA512

3d7dc6f157d8bcd97f1a7cc944a0b0e69168bd08296fde92cf3538973dbee9b21ddc435d2419d5ef8e5622f41aff66588d1612186f5be5c670ff0089e467501e
SSDEEP

6144:2o4ksvUGxVxeDa0t8EYkkECEMnj05RoWfvh8EybgjmTW2bA22r:2o8VxeDaZEm7/joRoDjUKAz

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  7572b0b4a5d4ee41cb1230ca22244d2b_JaffaCakes118
- Size
  
  296KB
- MD5
  
  7572b0b4a5d4ee41cb1230ca22244d2b
- SHA1
  
  1b0250e660f46e2da5a9fec0ff0ec1c41fc26c47
- SHA256
  
  10fb63994dac7512ae509beb1a2bdaf4084515c249e97f6f831427128929605f
- SHA512
  
  3d7dc6f157d8bcd97f1a7cc944a0b0e69168bd08296fde92cf3538973dbee9b21ddc435d2419d5ef8e5622f41aff66588d1612186f5be5c670ff0089e467501e
- SSDEEP
  
  6144:2o4ksvUGxVxeDa0t8EYkkECEMnj05RoWfvh8EybgjmTW2bA22r:2o8VxeDaZEm7/joRoDjUKAz
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2