52f2868e3af92b875f7120e34ebaf4605c5f39e8b05e83b0766855111c32a457 | Triage

Sharing

General

Target

b0de7db8bdf8afbfcf108a46a62c4b70_JaffaCakes118
Size

104KB
Sample

240820-z4qlsstdra
MD5

b0de7db8bdf8afbfcf108a46a62c4b70
SHA1

8c96767a0f65c46d696a315dcdaf3feaa8d04ca2
SHA256

52f2868e3af92b875f7120e34ebaf4605c5f39e8b05e83b0766855111c32a457
SHA512

b13385467be383333bc4779b28b6d6f4f85ed907010ba209d887975288f1b2d2214120550a29527c879faffeccdf3deaea0f585b2d9d4e7326ef88cb3af331c3
SSDEEP

1536:N5BW/JLwpATmNscCKfKx02223WGX48FlkPjO/lrsNa7mzTqqI6INw:1W/JzTmNqXRkPjsss4Tvww

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  b0de7db8bdf8afbfcf108a46a62c4b70_JaffaCakes118
- Size
  
  104KB
- MD5
  
  b0de7db8bdf8afbfcf108a46a62c4b70
- SHA1
  
  8c96767a0f65c46d696a315dcdaf3feaa8d04ca2
- SHA256
  
  52f2868e3af92b875f7120e34ebaf4605c5f39e8b05e83b0766855111c32a457
- SHA512
  
  b13385467be383333bc4779b28b6d6f4f85ed907010ba209d887975288f1b2d2214120550a29527c879faffeccdf3deaea0f585b2d9d4e7326ef88cb3af331c3
- SSDEEP
  
  1536:N5BW/JLwpATmNscCKfKx02223WGX48FlkPjO/lrsNa7mzTqqI6INw:1W/JzTmNqXRkPjsss4Tvww
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence