ed87163c98f948a820545f395fa49da3adb79c410c57642fc45131014ae9815f | Triage

Sharing

General

Target

8ecaa9b927431d777de6b63c065f2807_JaffaCakes118
Size

250KB
Sample

240812-pzb8ha1gqk
MD5

8ecaa9b927431d777de6b63c065f2807
SHA1

4687910d2eaabf4464d65e2d5f3dd3ae4a415eec
SHA256

ed87163c98f948a820545f395fa49da3adb79c410c57642fc45131014ae9815f
SHA512

997f5ac09b685779b8d7d57ce95cd28b665b0801171b33de9b3a84d9380085f9945477dee52c105c142114480d71dcc9b56f33914aa0c03b38ae5552a845ceda
SSDEEP

6144:z8ov0/aFiU+WMqhjiG80/aFiU+WMqhjiGd0/aFiU+WMqhjiGG:wPWUhSiOWUhSivWUhSij

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  8ecaa9b927431d777de6b63c065f2807_JaffaCakes118
- Size
  
  250KB
- MD5
  
  8ecaa9b927431d777de6b63c065f2807
- SHA1
  
  4687910d2eaabf4464d65e2d5f3dd3ae4a415eec
- SHA256
  
  ed87163c98f948a820545f395fa49da3adb79c410c57642fc45131014ae9815f
- SHA512
  
  997f5ac09b685779b8d7d57ce95cd28b665b0801171b33de9b3a84d9380085f9945477dee52c105c142114480d71dcc9b56f33914aa0c03b38ae5552a845ceda
- SSDEEP
  
  6144:z8ov0/aFiU+WMqhjiG80/aFiU+WMqhjiGd0/aFiU+WMqhjiGG:wPWUhSiOWUhSivWUhSij
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2