2102b97cba2a388ddf27bfab51719b32f013d9e568af48e042048ec3cf1be607 | Triage

Sharing

General

Target

b6e9cd1878d633255e162394ec11d933_JaffaCakes118
Size

273KB
Sample

240822-jxblaszbkr
MD5

b6e9cd1878d633255e162394ec11d933
SHA1

5066f55c6f203fd8a53c29294f7b2c0b64957d39
SHA256

2102b97cba2a388ddf27bfab51719b32f013d9e568af48e042048ec3cf1be607
SHA512

5e7f0ff749d57b6c4de5ab635db64f9c471bbbfafdc476dbabe611819da727b44fc91f1c2755cadd95d5621268906ff29428956edb276bb78c00a021071597c9
SSDEEP

6144:q2hRj8so5VT35s+NXNH5POa+kwsDnl5xDZeNeOq0xGGujQ:PhJ09V5Qk1l5xDZueOq0xGGr

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  b6e9cd1878d633255e162394ec11d933_JaffaCakes118
- Size
  
  273KB
- MD5
  
  b6e9cd1878d633255e162394ec11d933
- SHA1
  
  5066f55c6f203fd8a53c29294f7b2c0b64957d39
- SHA256
  
  2102b97cba2a388ddf27bfab51719b32f013d9e568af48e042048ec3cf1be607
- SHA512
  
  5e7f0ff749d57b6c4de5ab635db64f9c471bbbfafdc476dbabe611819da727b44fc91f1c2755cadd95d5621268906ff29428956edb276bb78c00a021071597c9
- SSDEEP
  
  6144:q2hRj8so5VT35s+NXNH5POa+kwsDnl5xDZeNeOq0xGGujQ:PhJ09V5Qk1l5xDZueOq0xGGr
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2