fd9021843bc9362c40f43396d9d207f9b3a69d5ccf07a31cf74bbff3f9d301b7 | Triage

Sharing

General

Target

c8d91b37467bbd34b0d5f4b267c5bc17_JaffaCakes118
Size

265KB
Sample

240829-p2agpathmr
MD5

c8d91b37467bbd34b0d5f4b267c5bc17
SHA1

8f0023dc7ce1954d9a2af35b4449fb089b88630a
SHA256

fd9021843bc9362c40f43396d9d207f9b3a69d5ccf07a31cf74bbff3f9d301b7
SHA512

e3dc196a4cc6490521fd62cdfcd7094763a6bc10cd7e9f5267f735ef0e8fa8ed18577eaa17a35666ea00c75d4875dc01001a13afbc85bdbfa391223b2bff5820
SSDEEP

6144:P4K38G5g3U6R4W8lrUzTQb+atp5Hz46YXQv2ZQz5kjSTB0dMUxYKN:pGTOUzMyuzHzUAv75k2C1

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c8d91b37467bbd34b0d5f4b267c5bc17_JaffaCakes118
- Size
  
  265KB
- MD5
  
  c8d91b37467bbd34b0d5f4b267c5bc17
- SHA1
  
  8f0023dc7ce1954d9a2af35b4449fb089b88630a
- SHA256
  
  fd9021843bc9362c40f43396d9d207f9b3a69d5ccf07a31cf74bbff3f9d301b7
- SHA512
  
  e3dc196a4cc6490521fd62cdfcd7094763a6bc10cd7e9f5267f735ef0e8fa8ed18577eaa17a35666ea00c75d4875dc01001a13afbc85bdbfa391223b2bff5820
- SSDEEP
  
  6144:P4K38G5g3U6R4W8lrUzTQb+atp5Hz46YXQv2ZQz5kjSTB0dMUxYKN:pGTOUzMyuzHzUAv75k2C1
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2