bfde7a958edb911f6e45d74fb426e370c0bb472297f858c3389c8dc5e63c5db3 | Triage

Sharing

General

Target

863cf86b0b6c9b77fef444026d537dc2_JaffaCakes118
Size

438KB
Sample

240810-qrs2qa1elj
MD5

863cf86b0b6c9b77fef444026d537dc2
SHA1

dc489eeb4cecc0ea9646d13eb007862ee8f1afdc
SHA256

bfde7a958edb911f6e45d74fb426e370c0bb472297f858c3389c8dc5e63c5db3
SHA512

28f3be81b4d7e0375f523d01546e972501c54070e8e9600c288105de6be37c57df96b8125887af1abeb32f71de18e81a9d242cb563c0fe4ca77e140d5db7cc73
SSDEEP

3072:/Gu9BlfzWIbXWm+w0JOQpHNEkKwQjnyu2y2bh+H+yDg://0uoTptEAQcy0+H+

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  863cf86b0b6c9b77fef444026d537dc2_JaffaCakes118
- Size
  
  438KB
- MD5
  
  863cf86b0b6c9b77fef444026d537dc2
- SHA1
  
  dc489eeb4cecc0ea9646d13eb007862ee8f1afdc
- SHA256
  
  bfde7a958edb911f6e45d74fb426e370c0bb472297f858c3389c8dc5e63c5db3
- SHA512
  
  28f3be81b4d7e0375f523d01546e972501c54070e8e9600c288105de6be37c57df96b8125887af1abeb32f71de18e81a9d242cb563c0fe4ca77e140d5db7cc73
- SSDEEP
  
  3072:/Gu9BlfzWIbXWm+w0JOQpHNEkKwQjnyu2y2bh+H+yDg://0uoTptEAQcy0+H+
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence