70da3104984cea94b717e1c3614a0e7730187e141d0ccffb465565d250ec5c68 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba2db64ee67af4f16be61edd38d6c64c_JaffaCakes118
Size

311KB
Sample

240823-dz99rashpb
MD5

ba2db64ee67af4f16be61edd38d6c64c
SHA1

8a4adc9d9463e0d15207a4d022125aad7ae2beaa
SHA256

70da3104984cea94b717e1c3614a0e7730187e141d0ccffb465565d250ec5c68
SHA512

4a8030bb0684b3124f2233bd44859c422470cb49c2eb715be36f7f215ccdb7dcff55a193978927c81c4905dffc470c72aa9cac7e275f8d1d9d7fc4d8a6aedd81
SSDEEP

6144:nS/3wVyBTl40pPKMHLdL1hALe+2NirdrQdZMwUKD0tD:nm3myr4wKMdoLT2NKcGw0

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ba2db64ee67af4f16be61edd38d6c64c_JaffaCakes118
- Size
  
  311KB
- MD5
  
  ba2db64ee67af4f16be61edd38d6c64c
- SHA1
  
  8a4adc9d9463e0d15207a4d022125aad7ae2beaa
- SHA256
  
  70da3104984cea94b717e1c3614a0e7730187e141d0ccffb465565d250ec5c68
- SHA512
  
  4a8030bb0684b3124f2233bd44859c422470cb49c2eb715be36f7f215ccdb7dcff55a193978927c81c4905dffc470c72aa9cac7e275f8d1d9d7fc4d8a6aedd81
- SSDEEP
  
  6144:nS/3wVyBTl40pPKMHLdL1hALe+2NirdrQdZMwUKD0tD:nm3myr4wKMdoLT2NKcGw0
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2