da476fc44b8b616f3b7696bbeab93512237414b3901c6ce4aad27daee41b6cb6 | Triage

Sharing

General

Target

bab0df802437d70d287a1cd20f090779_JaffaCakes118
Size

684KB
Sample

240823-g5d1aazbjc
MD5

bab0df802437d70d287a1cd20f090779
SHA1

c7af2bdc6aacc8e6756a5c4bc5162874a78a44f6
SHA256

da476fc44b8b616f3b7696bbeab93512237414b3901c6ce4aad27daee41b6cb6
SHA512

e34893ad80f33f9add4e7af5595dccdd7ceea44242161f1dd770fc674e70fc82e45b846b4821c70f5246a35c3bcae187eeb78fbfbbdfe0711b9588c53bd0799c
SSDEEP

12288:HYa/XO9RAiO/ZLTgB/zC6sgsJbUl6z6aPBe/k:1XWmRtm+6sj5UlCe

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  bab0df802437d70d287a1cd20f090779_JaffaCakes118
- Size
  
  684KB
- MD5
  
  bab0df802437d70d287a1cd20f090779
- SHA1
  
  c7af2bdc6aacc8e6756a5c4bc5162874a78a44f6
- SHA256
  
  da476fc44b8b616f3b7696bbeab93512237414b3901c6ce4aad27daee41b6cb6
- SHA512
  
  e34893ad80f33f9add4e7af5595dccdd7ceea44242161f1dd770fc674e70fc82e45b846b4821c70f5246a35c3bcae187eeb78fbfbbdfe0711b9588c53bd0799c
- SSDEEP
  
  12288:HYa/XO9RAiO/ZLTgB/zC6sgsJbUl6z6aPBe/k:1XWmRtm+6sj5UlCe
Score

8^/10

discovery evasion persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence