4e4a22ba8bcdfe1119c1250aa734860c3f2b55ef768bb9737ed9852df42dc8a5 | Triage

Sharing

General

Target

84601698ea183273d0c0a0153a3f3039_JaffaCakes118
Size

267KB
Sample

240810-cagqgavamd
MD5

84601698ea183273d0c0a0153a3f3039
SHA1

60df8c5f24cfa14b41aebb4038a2d22e8181b5f5
SHA256

4e4a22ba8bcdfe1119c1250aa734860c3f2b55ef768bb9737ed9852df42dc8a5
SHA512

c830b573a57d96bc72b89ef3e96a921862fb9a6b9aae62e69ea7ecc51ed84e0071c5ce680d74496d7a8ac0926bbb7f67a389a72a75d38077a1f9350546fbabd0
SSDEEP

6144:KxZaXTfCraCZREa9PzhNOdyfxSKHKvG4Qsq/HI:KVhEghBfxSKHKemq/HI

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  84601698ea183273d0c0a0153a3f3039_JaffaCakes118
- Size
  
  267KB
- MD5
  
  84601698ea183273d0c0a0153a3f3039
- SHA1
  
  60df8c5f24cfa14b41aebb4038a2d22e8181b5f5
- SHA256
  
  4e4a22ba8bcdfe1119c1250aa734860c3f2b55ef768bb9737ed9852df42dc8a5
- SHA512
  
  c830b573a57d96bc72b89ef3e96a921862fb9a6b9aae62e69ea7ecc51ed84e0071c5ce680d74496d7a8ac0926bbb7f67a389a72a75d38077a1f9350546fbabd0
- SSDEEP
  
  6144:KxZaXTfCraCZREa9PzhNOdyfxSKHKvG4Qsq/HI:KVhEghBfxSKHKemq/HI
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence