a42d9fd7e8e5c69fc70ca8079f001ef28aecb582817329f58147f033e82cf314 | Triage

Sharing

General

Target

88fe305bbf9afcad59021e4a714cab40_JaffaCakes118
Size

140KB
Sample

240811-e3y7bsyhka
MD5

88fe305bbf9afcad59021e4a714cab40
SHA1

43a35d8e7690d90eb06a5b0ee860c901ccab667f
SHA256

a42d9fd7e8e5c69fc70ca8079f001ef28aecb582817329f58147f033e82cf314
SHA512

4e02f926fae7cf83e3fe0a289c10055ee03a0f435b90d13b88fcea5e69dee78d59ffdfffd58b16d46c89128eaed0648dd54c3fbf56ed35072d9927b0df56aecc
SSDEEP

3072:UJUv62uGoN4z7f5OU+0W5K8lCmbDH6RifHx9qKuX96Vt197:Ni2uGzzjZ+0bvmbDaROI/6Vt1h

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  88fe305bbf9afcad59021e4a714cab40_JaffaCakes118
- Size
  
  140KB
- MD5
  
  88fe305bbf9afcad59021e4a714cab40
- SHA1
  
  43a35d8e7690d90eb06a5b0ee860c901ccab667f
- SHA256
  
  a42d9fd7e8e5c69fc70ca8079f001ef28aecb582817329f58147f033e82cf314
- SHA512
  
  4e02f926fae7cf83e3fe0a289c10055ee03a0f435b90d13b88fcea5e69dee78d59ffdfffd58b16d46c89128eaed0648dd54c3fbf56ed35072d9927b0df56aecc
- SSDEEP
  
  3072:UJUv62uGoN4z7f5OU+0W5K8lCmbDH6RifHx9qKuX96Vt197:Ni2uGzzjZ+0bvmbDaROI/6Vt1h
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence