a9443bba35dbe71834b2d093ad2b2248788317b08584f6e7b1773e5df7125acb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c250f6e63fa55b9579a66210ee287c37_JaffaCakes118
Size

323KB
Sample

240826-fgscbswcmb
MD5

c250f6e63fa55b9579a66210ee287c37
SHA1

4b89d570a49c1c767ac6f4b3208b8a55d7833bfc
SHA256

a9443bba35dbe71834b2d093ad2b2248788317b08584f6e7b1773e5df7125acb
SHA512

e35bc8753d3400061644f8999a6f048cbc6e4d06f6c29c96e67d2d4ecccbf0d85526d59a1c8b679fdc4bef831dc2a6b5acd64950e0e3b2e77c3c3ba1398d7277
SSDEEP

6144:XSeZ/AlNOS3IUBr3fAMJ3XHW4qG3pGkoHXee2Ase+9P:d/AeS37TfAMJn2A3pEH+t

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c250f6e63fa55b9579a66210ee287c37_JaffaCakes118
- Size
  
  323KB
- MD5
  
  c250f6e63fa55b9579a66210ee287c37
- SHA1
  
  4b89d570a49c1c767ac6f4b3208b8a55d7833bfc
- SHA256
  
  a9443bba35dbe71834b2d093ad2b2248788317b08584f6e7b1773e5df7125acb
- SHA512
  
  e35bc8753d3400061644f8999a6f048cbc6e4d06f6c29c96e67d2d4ecccbf0d85526d59a1c8b679fdc4bef831dc2a6b5acd64950e0e3b2e77c3c3ba1398d7277
- SSDEEP
  
  6144:XSeZ/AlNOS3IUBr3fAMJ3XHW4qG3pGkoHXee2Ase+9P:d/AeS37TfAMJn2A3pEH+t
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2