0979fd930a3412b0a70a4de77acd6d33847bc02ea81cea9dbe9a16b2fe95e0f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

97237836328ec90b7ac9368f60112cef_JaffaCakes118
Size

300KB
Sample

240814-wvpflawejg
MD5

97237836328ec90b7ac9368f60112cef
SHA1

7bef61a401056e5722785f030528f7b3ab10096b
SHA256

0979fd930a3412b0a70a4de77acd6d33847bc02ea81cea9dbe9a16b2fe95e0f5
SHA512

faf3cd11168d7824b0ed969a80e11ee2096ef5211ab11f5baa4dd3976a1c934f9df86ba55d38559dca8d90d24542b06e7b12559ed647f6df267cf165ef3b26c5
SSDEEP

6144:ii7Xqx/gH5oBZYKCUbA8BRnweB2kz2AKD1ezUJh+cvS:5qxGhuABkqQzduS

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  97237836328ec90b7ac9368f60112cef_JaffaCakes118
- Size
  
  300KB
- MD5
  
  97237836328ec90b7ac9368f60112cef
- SHA1
  
  7bef61a401056e5722785f030528f7b3ab10096b
- SHA256
  
  0979fd930a3412b0a70a4de77acd6d33847bc02ea81cea9dbe9a16b2fe95e0f5
- SHA512
  
  faf3cd11168d7824b0ed969a80e11ee2096ef5211ab11f5baa4dd3976a1c934f9df86ba55d38559dca8d90d24542b06e7b12559ed647f6df267cf165ef3b26c5
- SSDEEP
  
  6144:ii7Xqx/gH5oBZYKCUbA8BRnweB2kz2AKD1ezUJh+cvS:5qxGhuABkqQzduS
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence