7b35a84869ccfbe54a710d1513529b39512d42c7efe601cb7bfda094676c611d | Triage

Sharing

General

Target

9640e214939e7efb044e9611c2686d02_JaffaCakes118
Size

375KB
Sample

240814-qjv64syfln
MD5

9640e214939e7efb044e9611c2686d02
SHA1

54a9554db2deeffbcb1f6199976f8ec24db8bbf3
SHA256

7b35a84869ccfbe54a710d1513529b39512d42c7efe601cb7bfda094676c611d
SHA512

ca9002cc05d6c76f1e171ff963eb1a0891237c47388680605d419cb424e1bb4b39cb84ffbbb6eab823b762747f52203af0a9e8b1ec7d131a1aac3d1f5d01a005
SSDEEP

6144:8Uvbxxybz+wzdMCI5LDSW8QB/UInp+fPwXi8:pOzXJMHnz/xnICX

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  9640e214939e7efb044e9611c2686d02_JaffaCakes118
- Size
  
  375KB
- MD5
  
  9640e214939e7efb044e9611c2686d02
- SHA1
  
  54a9554db2deeffbcb1f6199976f8ec24db8bbf3
- SHA256
  
  7b35a84869ccfbe54a710d1513529b39512d42c7efe601cb7bfda094676c611d
- SHA512
  
  ca9002cc05d6c76f1e171ff963eb1a0891237c47388680605d419cb424e1bb4b39cb84ffbbb6eab823b762747f52203af0a9e8b1ec7d131a1aac3d1f5d01a005
- SSDEEP
  
  6144:8Uvbxxybz+wzdMCI5LDSW8QB/UInp+fPwXi8:pOzXJMHnz/xnICX
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence