3f8f51287752dc7cc7580dfbd04c6fd144fc9021b18ccf9ed4765f535bdcab3c | Triage

Sharing

General

Target

ce966903fa742b6aa969295fc6d8f561_JaffaCakes118
Size

373KB
Sample

240906-efymaavfqa
MD5

ce966903fa742b6aa969295fc6d8f561
SHA1

23028a8a199eaabe2d016c82c07cd5dd667a570b
SHA256

3f8f51287752dc7cc7580dfbd04c6fd144fc9021b18ccf9ed4765f535bdcab3c
SHA512

cdbe9f134296143b21d81ea36dc74ad857661600bf40d1ac59b2b5ad128a8b879f1ab2cba07cb2e923a92344dd412b35b68268030af424c5f85ec99cf71eaacf
SSDEEP

6144:wrcThnzQPSqzXXCydn3nozW5TFYkI4uLZMGLv+xxxxxxxxxxxxxxxxngxxxxxxxX:wAThzQPRH/dn34y3IbnLGxxxxxxxxxxA

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ce966903fa742b6aa969295fc6d8f561_JaffaCakes118
- Size
  
  373KB
- MD5
  
  ce966903fa742b6aa969295fc6d8f561
- SHA1
  
  23028a8a199eaabe2d016c82c07cd5dd667a570b
- SHA256
  
  3f8f51287752dc7cc7580dfbd04c6fd144fc9021b18ccf9ed4765f535bdcab3c
- SHA512
  
  cdbe9f134296143b21d81ea36dc74ad857661600bf40d1ac59b2b5ad128a8b879f1ab2cba07cb2e923a92344dd412b35b68268030af424c5f85ec99cf71eaacf
- SSDEEP
  
  6144:wrcThnzQPSqzXXCydn3nozW5TFYkI4uLZMGLv+xxxxxxxxxxxxxxxxngxxxxxxxX:wAThzQPRH/dn34y3IbnLGxxxxxxxxxxA
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2