de6d9d886d8eae5459eef78b69506e9753922405a0ccf461c3592f3498aa1def | Triage

Sharing

General

Target

af05bff1571898c715f817304543e221_JaffaCakes118
Size

155KB
Sample

240820-nha4fasglp
MD5

af05bff1571898c715f817304543e221
SHA1

19b71aacc3f90a1c7011c7219d142bc675d18809
SHA256

de6d9d886d8eae5459eef78b69506e9753922405a0ccf461c3592f3498aa1def
SHA512

e1f0b9552cb069294267170f465ce29e8dbbc61ce014b734db3faacdc5d4fec67ef8b42ddfca1abbca19e9bc27b13ac08e153434d954702eb30b122a450f3a33
SSDEEP

3072:VeZZhQYiZQyAAgHfKv1RnYA18G3yVrPpwPV6:VYZhNuQ/K/nYZPp

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  af05bff1571898c715f817304543e221_JaffaCakes118
- Size
  
  155KB
- MD5
  
  af05bff1571898c715f817304543e221
- SHA1
  
  19b71aacc3f90a1c7011c7219d142bc675d18809
- SHA256
  
  de6d9d886d8eae5459eef78b69506e9753922405a0ccf461c3592f3498aa1def
- SHA512
  
  e1f0b9552cb069294267170f465ce29e8dbbc61ce014b734db3faacdc5d4fec67ef8b42ddfca1abbca19e9bc27b13ac08e153434d954702eb30b122a450f3a33
- SSDEEP
  
  3072:VeZZhQYiZQyAAgHfKv1RnYA18G3yVrPpwPV6:VYZhNuQ/K/nYZPp
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence