809d2c2e4b7627aa7f885f32c464b565a6848a56cbbded2fece058e87133174a | Triage

Sharing

General

Target

8713aa1fe9d9b9499e23cf47af46cbc5_JaffaCakes118
Size

3.4MB
Sample

240810-wkgb8svcrg
MD5

8713aa1fe9d9b9499e23cf47af46cbc5
SHA1

0891fafc094a52f76b5877c2df0f3673e7e58c3e
SHA256

809d2c2e4b7627aa7f885f32c464b565a6848a56cbbded2fece058e87133174a
SHA512

b9a05a4ebc9921a69da0ad1dd3776b55e06d28a1bccb46f3d2e617cbd8839a629a6f76cb3b73086ef88abef6780fc069a2c591fe641a7a509fd27748c6265dbf
SSDEEP

98304:M8cvccDJxZdk0T33aR1EknVIJZQfPJL8Mc4r/qs2Jb:azf7k0T33aRCknFfPh8crCsM

Score

8^/10

discovery evasion execution persistence

Malware Config

Targets

- Target
  
  8713aa1fe9d9b9499e23cf47af46cbc5_JaffaCakes118
- Size
  
  3.4MB
- MD5
  
  8713aa1fe9d9b9499e23cf47af46cbc5
- SHA1
  
  0891fafc094a52f76b5877c2df0f3673e7e58c3e
- SHA256
  
  809d2c2e4b7627aa7f885f32c464b565a6848a56cbbded2fece058e87133174a
- SHA512
  
  b9a05a4ebc9921a69da0ad1dd3776b55e06d28a1bccb46f3d2e617cbd8839a629a6f76cb3b73086ef88abef6780fc069a2c591fe641a7a509fd27748c6265dbf
- SSDEEP
  
  98304:M8cvccDJxZdk0T33aR1EknVIJZQfPJL8Mc4r/qs2Jb:azf7k0T33aRCknFfPh8crCsM
Score

8^/10

discovery evasion execution persistence
- Stops running service(s)
  evasion execution
- Uses Session Manager for persistence
  Creates Session Manager registry key to run executable early in system boot.
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecutionpersistence

behavioral2

discoveryevasionexecutionpersistence