fa152a3b51f56cabb3c9b30631d3c700078f2f82effde020337f729b7a57cac0 | Triage

Sharing

General

Target

a11a4eac3e87a9d05490bc248d525965_JaffaCakes118
Size

335KB
Sample

240817-efkenawbna
MD5

a11a4eac3e87a9d05490bc248d525965
SHA1

b06b7f4db58240d9e1c72fba71f906ea18fbf622
SHA256

fa152a3b51f56cabb3c9b30631d3c700078f2f82effde020337f729b7a57cac0
SHA512

4e83914bd07d8b928b642fdbae2a98e08400d63dead8a4315d72b2e4d5ae3873f84423b9d989d71604a7ddfde98acd653b1ceeac995adccbc992ab8af4fbbfb9
SSDEEP

6144:7DXDsyf6bYpvYgrJhgCdk4waPIF37Hr0J7VW6pKTjC6jHsl8E:7DXDhf6bYpvYoJhgUk4JPIF37HrOeTjw

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a11a4eac3e87a9d05490bc248d525965_JaffaCakes118
- Size
  
  335KB
- MD5
  
  a11a4eac3e87a9d05490bc248d525965
- SHA1
  
  b06b7f4db58240d9e1c72fba71f906ea18fbf622
- SHA256
  
  fa152a3b51f56cabb3c9b30631d3c700078f2f82effde020337f729b7a57cac0
- SHA512
  
  4e83914bd07d8b928b642fdbae2a98e08400d63dead8a4315d72b2e4d5ae3873f84423b9d989d71604a7ddfde98acd653b1ceeac995adccbc992ab8af4fbbfb9
- SSDEEP
  
  6144:7DXDsyf6bYpvYgrJhgCdk4waPIF37Hr0J7VW6pKTjC6jHsl8E:7DXDhf6bYpvYoJhgUk4JPIF37HrOeTjw
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2