f13e6ee3f95695b48f2485ec425cfb0b87eec6f65765e5d51f488af26fddea9d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8514a0dd7a6e84ff7fd2fbe75f52ba84_JaffaCakes118
Size

176KB
Sample

240810-g2d6washph
MD5

8514a0dd7a6e84ff7fd2fbe75f52ba84
SHA1

a328b11a18d9b4c8ef33b0772fa77ee49f8fb496
SHA256

f13e6ee3f95695b48f2485ec425cfb0b87eec6f65765e5d51f488af26fddea9d
SHA512

6e0f63404eb92a01cfd44aa84db2e4e9098db01f8e3a8410ea1c4c82e21b90a866a5ced300f60dac88c4ac4486d67d3e36e1e6db6957fb544b3073c394a13b9c
SSDEEP

3072:5xSNLIwg6G6utvqG5djtkUKikCVr6UsdS3xvr71bMIkiKa/fp:PSZIF6G6u5qQdRkwr6UO6uIkJEp

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  8514a0dd7a6e84ff7fd2fbe75f52ba84_JaffaCakes118
- Size
  
  176KB
- MD5
  
  8514a0dd7a6e84ff7fd2fbe75f52ba84
- SHA1
  
  a328b11a18d9b4c8ef33b0772fa77ee49f8fb496
- SHA256
  
  f13e6ee3f95695b48f2485ec425cfb0b87eec6f65765e5d51f488af26fddea9d
- SHA512
  
  6e0f63404eb92a01cfd44aa84db2e4e9098db01f8e3a8410ea1c4c82e21b90a866a5ced300f60dac88c4ac4486d67d3e36e1e6db6957fb544b3073c394a13b9c
- SSDEEP
  
  3072:5xSNLIwg6G6utvqG5djtkUKikCVr6UsdS3xvr71bMIkiKa/fp:PSZIF6G6u5qQdRkwr6UO6uIkJEp
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2