d8f027de01d835c1ebc363a2465fc2642658504b5383745848753ca8c5ba1fba | Triage

Sharing

General

Target

ce2acdfb099d03ca2d628bf4fde7af77_JaffaCakes118
Size

364KB
Sample

240905-3n6jvsvaqk
MD5

ce2acdfb099d03ca2d628bf4fde7af77
SHA1

57e98da2bfba556260fafee21337d8d89bbf7000
SHA256

d8f027de01d835c1ebc363a2465fc2642658504b5383745848753ca8c5ba1fba
SHA512

2f2dfd841b94bf51e10c4cbd66a750b293e2635fa78886d0024e39f75eb82e27dc1736c4f5664553b2719d6919dde5b3645c24f9dc27f9b8759e23a266355f2e
SSDEEP

6144:ibCdhkyzFFbIX0zE9NKFEWNFfK4CS0NwIg2+fFBFFrkiEw:imdKWbIXxcXNkjNgZf1Fr5

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ce2acdfb099d03ca2d628bf4fde7af77_JaffaCakes118
- Size
  
  364KB
- MD5
  
  ce2acdfb099d03ca2d628bf4fde7af77
- SHA1
  
  57e98da2bfba556260fafee21337d8d89bbf7000
- SHA256
  
  d8f027de01d835c1ebc363a2465fc2642658504b5383745848753ca8c5ba1fba
- SHA512
  
  2f2dfd841b94bf51e10c4cbd66a750b293e2635fa78886d0024e39f75eb82e27dc1736c4f5664553b2719d6919dde5b3645c24f9dc27f9b8759e23a266355f2e
- SSDEEP
  
  6144:ibCdhkyzFFbIX0zE9NKFEWNFfK4CS0NwIg2+fFBFFrkiEw:imdKWbIXxcXNkjNgZf1Fr5
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2