f948f9ce2d80e5f6fb76e6e325c07fd4e1dcf082b95f57943b65265dcf12addf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85900ed9dfefeb90ad2907545423ac79_JaffaCakes118
Size

445KB
Sample

240810-lbl61sxhlc
MD5

85900ed9dfefeb90ad2907545423ac79
SHA1

00a0dd5503ebc253967b79c6ed89a26c8888b6c7
SHA256

f948f9ce2d80e5f6fb76e6e325c07fd4e1dcf082b95f57943b65265dcf12addf
SHA512

230f1873ee6cb122e112fbfc6995cf97803d321fba94375a72b9294ddf52e746d2249a6a42769722f57b482d7c3731a17276f77b8b11dd0f081281e5060b624b
SSDEEP

12288:tyXwlJ2+C5IxJ845HYV5sxOH/cccccccepliPj:tdlMav84a5sxZ

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  85900ed9dfefeb90ad2907545423ac79_JaffaCakes118
- Size
  
  445KB
- MD5
  
  85900ed9dfefeb90ad2907545423ac79
- SHA1
  
  00a0dd5503ebc253967b79c6ed89a26c8888b6c7
- SHA256
  
  f948f9ce2d80e5f6fb76e6e325c07fd4e1dcf082b95f57943b65265dcf12addf
- SHA512
  
  230f1873ee6cb122e112fbfc6995cf97803d321fba94375a72b9294ddf52e746d2249a6a42769722f57b482d7c3731a17276f77b8b11dd0f081281e5060b624b
- SSDEEP
  
  12288:tyXwlJ2+C5IxJ845HYV5sxOH/cccccccepliPj:tdlMav84a5sxZ
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence