1b220b31b02f109014a8f4437ed4390d46eb37c79707b974da8e47b353560da1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8649fcff9190f962b3a3ae774a8df37c_JaffaCakes118
Size

172KB
Sample

240810-q3phnswdmg
MD5

8649fcff9190f962b3a3ae774a8df37c
SHA1

f3185fd5f40e7dbee2e3a7570b19ee5e83f49234
SHA256

1b220b31b02f109014a8f4437ed4390d46eb37c79707b974da8e47b353560da1
SHA512

d7a58af1967c477d96f4a9d9f9751b79176e1fbfc2a158f76bac370884c9917e1e77d2ea08bbff331e4c9b8de5942c6e75b9d7e9ee70add705f678a37701aff5
SSDEEP

3072:wUVA89uNLqzv0beG+5/8nt1VUxFNfCDg1grHcm++vE8:wu9RYbwUntPCNfCDO88Z

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  8649fcff9190f962b3a3ae774a8df37c_JaffaCakes118
- Size
  
  172KB
- MD5
  
  8649fcff9190f962b3a3ae774a8df37c
- SHA1
  
  f3185fd5f40e7dbee2e3a7570b19ee5e83f49234
- SHA256
  
  1b220b31b02f109014a8f4437ed4390d46eb37c79707b974da8e47b353560da1
- SHA512
  
  d7a58af1967c477d96f4a9d9f9751b79176e1fbfc2a158f76bac370884c9917e1e77d2ea08bbff331e4c9b8de5942c6e75b9d7e9ee70add705f678a37701aff5
- SSDEEP
  
  3072:wUVA89uNLqzv0beG+5/8nt1VUxFNfCDg1grHcm++vE8:wu9RYbwUntPCNfCDO88Z
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence