a1e3fc3af4a3a6f8a33bf46867ce07e24ea158cff4cc2857e155fa4f51e16f34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bcf067f5f443d64500b083614b56b49d_JaffaCakes118
Size

333KB
Sample

240823-ymf6csshpg
MD5

bcf067f5f443d64500b083614b56b49d
SHA1

96dbc9663d621da4961bf06122bca18d032f71f5
SHA256

a1e3fc3af4a3a6f8a33bf46867ce07e24ea158cff4cc2857e155fa4f51e16f34
SHA512

100957b6eb3e4bb125444df548c0463df56e496b324128b35767ce03e1e28c375c8e8aa7d51dbc26d519f187b5b1196ca615e90357c80a472ff66e825cfb8b52
SSDEEP

6144:G39Nx/7jpOqn4kbVT8jDL+hiScSeZrqYEk1mwEVEP:4z17FOGbVT8jDLAiMDWQV+

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  bcf067f5f443d64500b083614b56b49d_JaffaCakes118
- Size
  
  333KB
- MD5
  
  bcf067f5f443d64500b083614b56b49d
- SHA1
  
  96dbc9663d621da4961bf06122bca18d032f71f5
- SHA256
  
  a1e3fc3af4a3a6f8a33bf46867ce07e24ea158cff4cc2857e155fa4f51e16f34
- SHA512
  
  100957b6eb3e4bb125444df548c0463df56e496b324128b35767ce03e1e28c375c8e8aa7d51dbc26d519f187b5b1196ca615e90357c80a472ff66e825cfb8b52
- SSDEEP
  
  6144:G39Nx/7jpOqn4kbVT8jDL+hiScSeZrqYEk1mwEVEP:4z17FOGbVT8jDLAiMDWQV+
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2