83a55e113c7bb1a90b15b32896c019c61e59a8ee742743dfe4a79d74036d2cf6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

82c6b3aa060bf845941140a05ef9d5c8_JaffaCakes118
Size

339KB
Sample

240802-ddyc3asbjk
MD5

82c6b3aa060bf845941140a05ef9d5c8
SHA1

c4d681d008bf77d9fae6620d760940c6aef121ae
SHA256

83a55e113c7bb1a90b15b32896c019c61e59a8ee742743dfe4a79d74036d2cf6
SHA512

b1616b1a2c0fabea47c529fa1b04afc6f8217a216af7a690668e1312d4960f1406ff8cc629035b6f57907424cf23c76ae9290c9a5a0b9be97f8701d4de02e3fe
SSDEEP

6144:JMQWfIodGQVi3eGFT31wGLzCLPaqN3PeHY7r3jqC:JM5fIoEQVi3eGPwm6jeHYGC

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  82c6b3aa060bf845941140a05ef9d5c8_JaffaCakes118
- Size
  
  339KB
- MD5
  
  82c6b3aa060bf845941140a05ef9d5c8
- SHA1
  
  c4d681d008bf77d9fae6620d760940c6aef121ae
- SHA256
  
  83a55e113c7bb1a90b15b32896c019c61e59a8ee742743dfe4a79d74036d2cf6
- SHA512
  
  b1616b1a2c0fabea47c529fa1b04afc6f8217a216af7a690668e1312d4960f1406ff8cc629035b6f57907424cf23c76ae9290c9a5a0b9be97f8701d4de02e3fe
- SSDEEP
  
  6144:JMQWfIodGQVi3eGFT31wGLzCLPaqN3PeHY7r3jqC:JM5fIoEQVi3eGPwm6jeHYGC
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2