e3ae8b80e901dcf4f11fc413011cb64d345e8925112f676c73753c50907230e4 | Triage

Sharing

General

Target

c8b35a7b5b63edb76b4138fea1a9f8c0_JaffaCakes118
Size

322KB
Sample

240829-m7myvsxhkg
MD5

c8b35a7b5b63edb76b4138fea1a9f8c0
SHA1

c510768dc8c5f78409d4571b5ac99bd8da198371
SHA256

e3ae8b80e901dcf4f11fc413011cb64d345e8925112f676c73753c50907230e4
SHA512

8d957fa61c42be0b6039c45858379649b7146710ed893e39612c7e61f67dc345d9cb5bb34cdcde77c66923808525947cb5fa59a2c118473bb5d1040903bc64d7
SSDEEP

6144:hicT3nzQPSqzXXNydn3nozW5TFYkI4uLZMGLv+xxxxxxxxxxxxxxxxngxxxxxxx7:hrT3zQPRHEdn34y3IbnLGxxxxxxxxxxo

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c8b35a7b5b63edb76b4138fea1a9f8c0_JaffaCakes118
- Size
  
  322KB
- MD5
  
  c8b35a7b5b63edb76b4138fea1a9f8c0
- SHA1
  
  c510768dc8c5f78409d4571b5ac99bd8da198371
- SHA256
  
  e3ae8b80e901dcf4f11fc413011cb64d345e8925112f676c73753c50907230e4
- SHA512
  
  8d957fa61c42be0b6039c45858379649b7146710ed893e39612c7e61f67dc345d9cb5bb34cdcde77c66923808525947cb5fa59a2c118473bb5d1040903bc64d7
- SSDEEP
  
  6144:hicT3nzQPSqzXXNydn3nozW5TFYkI4uLZMGLv+xxxxxxxxxxxxxxxxngxxxxxxx7:hrT3zQPRHEdn34y3IbnLGxxxxxxxxxxo
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2