c6c4a148fd11dfba881b1e04509b229af378c4bc15c7c4ef8435fb7d23fa8966 | Triage

Sharing

General

Target

b36a25a7f0b92dfba3a2d6320938c6b8_JaffaCakes118
Size

1.5MB
Sample

240821-pewfms1enq
MD5

b36a25a7f0b92dfba3a2d6320938c6b8
SHA1

09698030231078824f10e40e475e7d8d9abc4b63
SHA256

c6c4a148fd11dfba881b1e04509b229af378c4bc15c7c4ef8435fb7d23fa8966
SHA512

d076cbf50b8981b8e1155c7de6bab5dc3c780ca0c8514609ed4865d1774df4bcc10cf7374ac5a1fadba6b4db11d22ced0068df83168de73b4c9bb8b582f3f613
SSDEEP

24576:cQbz+mcdH5sY0DOMLiMXSspgE1vIXLYGXmRhzPchYUhER58q06jysYGKY9bCs6vB:J4dH58LLSspgE1v0LpQzPNdD06ofWCeA

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  b36a25a7f0b92dfba3a2d6320938c6b8_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  b36a25a7f0b92dfba3a2d6320938c6b8
- SHA1
  
  09698030231078824f10e40e475e7d8d9abc4b63
- SHA256
  
  c6c4a148fd11dfba881b1e04509b229af378c4bc15c7c4ef8435fb7d23fa8966
- SHA512
  
  d076cbf50b8981b8e1155c7de6bab5dc3c780ca0c8514609ed4865d1774df4bcc10cf7374ac5a1fadba6b4db11d22ced0068df83168de73b4c9bb8b582f3f613
- SSDEEP
  
  24576:cQbz+mcdH5sY0DOMLiMXSspgE1vIXLYGXmRhzPchYUhER58q06jysYGKY9bCs6vB:J4dH58LLSspgE1v0LpQzPNdD06ofWCeA
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence