e68e0e0ff8101234d34028504491759eaea79e88dc3c83894ca92819fe6dc82a | Triage

Sharing

General

Target

a78a18f123a5bc671829dfa06175db6e_JaffaCakes118
Size

307KB
Sample

240818-vwszqsyamk
MD5

a78a18f123a5bc671829dfa06175db6e
SHA1

973d62ddc1d5cc6a976fe2fd26a5441cfa1a511e
SHA256

e68e0e0ff8101234d34028504491759eaea79e88dc3c83894ca92819fe6dc82a
SHA512

0a4ec2e524ae28937c2503547eb69c1e7a73116daed7ab58fb57d44daade2f82cee7dc25553334811888b2734fdd507142f63d6b5122a0edc98560fabb6e915c
SSDEEP

6144:K0vzKT72Y0S5zinYKTY1SQshfRPVQe1MZkIYSccr7wbstOpPECYeixlYGicl:K0b+7SSAYsY1UMqMZJYSN7wbstOp8fvz

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a78a18f123a5bc671829dfa06175db6e_JaffaCakes118
- Size
  
  307KB
- MD5
  
  a78a18f123a5bc671829dfa06175db6e
- SHA1
  
  973d62ddc1d5cc6a976fe2fd26a5441cfa1a511e
- SHA256
  
  e68e0e0ff8101234d34028504491759eaea79e88dc3c83894ca92819fe6dc82a
- SHA512
  
  0a4ec2e524ae28937c2503547eb69c1e7a73116daed7ab58fb57d44daade2f82cee7dc25553334811888b2734fdd507142f63d6b5122a0edc98560fabb6e915c
- SSDEEP
  
  6144:K0vzKT72Y0S5zinYKTY1SQshfRPVQe1MZkIYSccr7wbstOpPECYeixlYGicl:K0b+7SSAYsY1UMqMZJYSN7wbstOp8fvz
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2