3b8f2882fa7c090c584bcf532babff17074eba9a2e68d024f5aff3631d53a47b | Triage

Sharing

General

Target

a19b8f1c62c2fb9a6cd6629d59edb6a9_JaffaCakes118
Size

321KB
Sample

240817-hws9aatajf
MD5

a19b8f1c62c2fb9a6cd6629d59edb6a9
SHA1

8b0d55bb440908f93bbfed4ba599d66b79632211
SHA256

3b8f2882fa7c090c584bcf532babff17074eba9a2e68d024f5aff3631d53a47b
SHA512

81c99713681e292116c6fa9d38dfea5e44183b47f31f344bbcac990c0d0493dc7c295135bea7d837eed42cf81d3fb291cb1dd121f12314e04b54997441ce8d31
SSDEEP

6144:FwzhH1GuMyeiFVK4qJayUUzSryu+FLks4Swdu59WYim+Tt6yLOMgALAPBsq+Yzk:FwVVGu6ij/Hp+Lks4SwdOnY5kwMBDzk

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  a19b8f1c62c2fb9a6cd6629d59edb6a9_JaffaCakes118
- Size
  
  321KB
- MD5
  
  a19b8f1c62c2fb9a6cd6629d59edb6a9
- SHA1
  
  8b0d55bb440908f93bbfed4ba599d66b79632211
- SHA256
  
  3b8f2882fa7c090c584bcf532babff17074eba9a2e68d024f5aff3631d53a47b
- SHA512
  
  81c99713681e292116c6fa9d38dfea5e44183b47f31f344bbcac990c0d0493dc7c295135bea7d837eed42cf81d3fb291cb1dd121f12314e04b54997441ce8d31
- SSDEEP
  
  6144:FwzhH1GuMyeiFVK4qJayUUzSryu+FLks4Swdu59WYim+Tt6yLOMgALAPBsq+Yzk:FwVVGu6ij/Hp+Lks4SwdOnY5kwMBDzk
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion