6a8742f4a59eceb6d4476a3ced9f62c250ef868a129c65feb40966e08f031d2a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

93ce623daec1396e21c02eafd25252ea_JaffaCakes118
Size

3.5MB
Sample

240813-tmnszstbph
MD5

93ce623daec1396e21c02eafd25252ea
SHA1

19d167f904bd527ee5fc772858de3fddf3b91213
SHA256

6a8742f4a59eceb6d4476a3ced9f62c250ef868a129c65feb40966e08f031d2a
SHA512

1b82d1b9e03efa303ef60600d08a87a47a398176c1f18ea700d9683165a87a2331b67920bc59f2a0d15ce8bcba09f599bdad4bb9c60eb44d31151d1aec618b06
SSDEEP

49152:GXS5QqvlMHwmf2/DJAX4KGl17bB8+CmJu5RFML+oivHXP:+MlUHML/iv3P

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  93ce623daec1396e21c02eafd25252ea_JaffaCakes118
- Size
  
  3.5MB
- MD5
  
  93ce623daec1396e21c02eafd25252ea
- SHA1
  
  19d167f904bd527ee5fc772858de3fddf3b91213
- SHA256
  
  6a8742f4a59eceb6d4476a3ced9f62c250ef868a129c65feb40966e08f031d2a
- SHA512
  
  1b82d1b9e03efa303ef60600d08a87a47a398176c1f18ea700d9683165a87a2331b67920bc59f2a0d15ce8bcba09f599bdad4bb9c60eb44d31151d1aec618b06
- SSDEEP
  
  49152:GXS5QqvlMHwmf2/DJAX4KGl17bB8+CmJu5RFML+oivHXP:+MlUHML/iv3P
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion