b0ee02104c203a56cf120b57f6f6374dd9a1dec14a3061547b3947f1e266b517 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a38ff53f0a0b1d0793d29747484e5fe7_JaffaCakes118
Size

188KB
Sample

240817-wmp26ayeqg
MD5

a38ff53f0a0b1d0793d29747484e5fe7
SHA1

abe1bf85d2b58e1ebe5607ea8b7c4dd18ceae0fd
SHA256

b0ee02104c203a56cf120b57f6f6374dd9a1dec14a3061547b3947f1e266b517
SHA512

3b7706d68a8114c5714b888ad72e926709396a43d0d59c3a7bdc38153f4082eec71f60ad43f49bfcc065dd5b5ada575e794625870435b2fdc8078e75ca51aa9e
SSDEEP

3072:pOechXbFytTUom+xfsehNV4o2JJ9wToBYK6tQyGg2LYGLP8:pOlbgtaxi0oc9wToz6GyGg2LYa

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a38ff53f0a0b1d0793d29747484e5fe7_JaffaCakes118
- Size
  
  188KB
- MD5
  
  a38ff53f0a0b1d0793d29747484e5fe7
- SHA1
  
  abe1bf85d2b58e1ebe5607ea8b7c4dd18ceae0fd
- SHA256
  
  b0ee02104c203a56cf120b57f6f6374dd9a1dec14a3061547b3947f1e266b517
- SHA512
  
  3b7706d68a8114c5714b888ad72e926709396a43d0d59c3a7bdc38153f4082eec71f60ad43f49bfcc065dd5b5ada575e794625870435b2fdc8078e75ca51aa9e
- SSDEEP
  
  3072:pOechXbFytTUom+xfsehNV4o2JJ9wToBYK6tQyGg2LYGLP8:pOlbgtaxi0oc9wToz6GyGg2LYa
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence