1c329624d4a3346e2c48cc3dd6e647f81a61c409a0d9c83298de251489d8b24b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad7c4b9c7c30f0b9f2ebcc1d6d017ba4_JaffaCakes118
Size

28KB
Sample

240820-ch3mxascqk
MD5

ad7c4b9c7c30f0b9f2ebcc1d6d017ba4
SHA1

46203ca52cf36e85e29384132b05d47c16556c85
SHA256

1c329624d4a3346e2c48cc3dd6e647f81a61c409a0d9c83298de251489d8b24b
SHA512

d3a747040d1e5aa36e187b9f98270199a09f7da3dc9a35696eaba1e953517e7f7ee6ce264fb58977fa38e01d23cecb4427df7b0345c633573708e15777e1c6f5
SSDEEP

384:r3BWZ1qA6+XcP3hATHIIWuiGfo3ufiF7Xfwxm1uJaTIn:r3wnH9cPRDuimo3ufiF7XIxm1uJaTIn

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  ad7c4b9c7c30f0b9f2ebcc1d6d017ba4_JaffaCakes118
- Size
  
  28KB
- MD5
  
  ad7c4b9c7c30f0b9f2ebcc1d6d017ba4
- SHA1
  
  46203ca52cf36e85e29384132b05d47c16556c85
- SHA256
  
  1c329624d4a3346e2c48cc3dd6e647f81a61c409a0d9c83298de251489d8b24b
- SHA512
  
  d3a747040d1e5aa36e187b9f98270199a09f7da3dc9a35696eaba1e953517e7f7ee6ce264fb58977fa38e01d23cecb4427df7b0345c633573708e15777e1c6f5
- SSDEEP
  
  384:r3BWZ1qA6+XcP3hATHIIWuiGfo3ufiF7Xfwxm1uJaTIn:r3wnH9cPRDuimo3ufiF7XIxm1uJaTIn
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence