8b3be3a4a4450ddf30fcee51f0b11b54d0635014c20fb4f91456eb0b83b3b7e0 | Triage

Sharing

General

Target

c15bba9fc1f8029a327c44e6d9e67d0b_JaffaCakes118
Size

326KB
Sample

240825-xhgqna1apq
MD5

c15bba9fc1f8029a327c44e6d9e67d0b
SHA1

8fe13e4d22ef9a40158a403b46e531ea9eb88bc6
SHA256

8b3be3a4a4450ddf30fcee51f0b11b54d0635014c20fb4f91456eb0b83b3b7e0
SHA512

bf7791e27978a76aa3495911ac390f88ff87068ca76b58bb68b0b8aae252f75d3812bf3f44e93e6b062dc24dc9d332d4afea76bbd81fb13765a71068650a6282
SSDEEP

6144:MjyC2y/Xi4/GuE/qDI9y2hp4sQFW4MxmDRTaUJOag/TbhGiTdS:M4y/y4/GuE/WaBhpUiKTmRXhGW8

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c15bba9fc1f8029a327c44e6d9e67d0b_JaffaCakes118
- Size
  
  326KB
- MD5
  
  c15bba9fc1f8029a327c44e6d9e67d0b
- SHA1
  
  8fe13e4d22ef9a40158a403b46e531ea9eb88bc6
- SHA256
  
  8b3be3a4a4450ddf30fcee51f0b11b54d0635014c20fb4f91456eb0b83b3b7e0
- SHA512
  
  bf7791e27978a76aa3495911ac390f88ff87068ca76b58bb68b0b8aae252f75d3812bf3f44e93e6b062dc24dc9d332d4afea76bbd81fb13765a71068650a6282
- SSDEEP
  
  6144:MjyC2y/Xi4/GuE/qDI9y2hp4sQFW4MxmDRTaUJOag/TbhGiTdS:M4y/y4/GuE/WaBhpUiKTmRXhGW8
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2