5d074903e1032e1da363018eb17bc5f3548c8747991fab08f6be465f9826bf04 | Triage

Sharing

General

Target

bb7096445553a9927df5474867fc91e2_JaffaCakes118
Size

385KB
Sample

240823-m1x59aseln
MD5

bb7096445553a9927df5474867fc91e2
SHA1

4c443947efe1157f0ce8b30cf14755e529a11a98
SHA256

5d074903e1032e1da363018eb17bc5f3548c8747991fab08f6be465f9826bf04
SHA512

72139fe1bab2b6726337a1387d02dc999ac54c67769b68994bebc03c12b2a4b77158752fe51ac0d2a4a27f5c688eed4dee3a4aeaab78b07b79ddd200a3dbfc72
SSDEEP

6144:o/82mxLy7OvyilGHUmlXExMXWCDJSw4LlKg90H65Q6UZo70+Ph:oE2mJQkvmhExcTDJSzLk7a5QTc

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  bb7096445553a9927df5474867fc91e2_JaffaCakes118
- Size
  
  385KB
- MD5
  
  bb7096445553a9927df5474867fc91e2
- SHA1
  
  4c443947efe1157f0ce8b30cf14755e529a11a98
- SHA256
  
  5d074903e1032e1da363018eb17bc5f3548c8747991fab08f6be465f9826bf04
- SHA512
  
  72139fe1bab2b6726337a1387d02dc999ac54c67769b68994bebc03c12b2a4b77158752fe51ac0d2a4a27f5c688eed4dee3a4aeaab78b07b79ddd200a3dbfc72
- SSDEEP
  
  6144:o/82mxLy7OvyilGHUmlXExMXWCDJSw4LlKg90H65Q6UZo70+Ph:oE2mJQkvmhExcTDJSzLk7a5QTc
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2