d57a1302ac2bfdd78775e66ad08e43956279e5db1d33c5e6bdcec8ea59345535 | Triage

Sharing

General

Target

aedc5de633046a7432a0fd0bc7b14d50_JaffaCakes118
Size

307KB
Sample

240820-mewqaszhpl
MD5

aedc5de633046a7432a0fd0bc7b14d50
SHA1

3be821b7a72d04d3fc648df371fe862540b2eeec
SHA256

d57a1302ac2bfdd78775e66ad08e43956279e5db1d33c5e6bdcec8ea59345535
SHA512

d854bcdee52a9466158c640825d03029f8ea86bf93a8ec49d17db1b5d3a4e77f32636a6c746c12a72aff93910b460293e8fe53e9de68229eb8e8f492cb3b59e1
SSDEEP

6144:2qzvT72Y0SpzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOxPECYeixlYGicYxSI:2Cr7SSQYsY1UMqMZJYSN7wbstOx8fveH

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  aedc5de633046a7432a0fd0bc7b14d50_JaffaCakes118
- Size
  
  307KB
- MD5
  
  aedc5de633046a7432a0fd0bc7b14d50
- SHA1
  
  3be821b7a72d04d3fc648df371fe862540b2eeec
- SHA256
  
  d57a1302ac2bfdd78775e66ad08e43956279e5db1d33c5e6bdcec8ea59345535
- SHA512
  
  d854bcdee52a9466158c640825d03029f8ea86bf93a8ec49d17db1b5d3a4e77f32636a6c746c12a72aff93910b460293e8fe53e9de68229eb8e8f492cb3b59e1
- SSDEEP
  
  6144:2qzvT72Y0SpzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOxPECYeixlYGicYxSI:2Cr7SSQYsY1UMqMZJYSN7wbstOx8fveH
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2