b1137c8074f949bcdbb8dbbe6d41b58cad5518a8e9fcb4fdec2bfa75ff7f3815 | Triage

Sharing

General

Target

d035090fc7394875c3ac9dd1ecb84f32_JaffaCakes118
Size

321KB
Sample

240906-w8xn5asapm
MD5

d035090fc7394875c3ac9dd1ecb84f32
SHA1

33dd7eaf7f31602ae03cf6339bbab42163c9dc5e
SHA256

b1137c8074f949bcdbb8dbbe6d41b58cad5518a8e9fcb4fdec2bfa75ff7f3815
SHA512

8c7503d5c90d1db0a705720ce8453a999209b7bf33faeab3b57e36dce331f2e5254550216d0fe83d8a93707c1834c3b3327ba44d9c4773776ba845156cac220d
SSDEEP

6144:LT+FQopd7zswMHScIOq1G/PnRnC2CkErfoJ:OFhpUycBqwnRC2gcJ

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  d035090fc7394875c3ac9dd1ecb84f32_JaffaCakes118
- Size
  
  321KB
- MD5
  
  d035090fc7394875c3ac9dd1ecb84f32
- SHA1
  
  33dd7eaf7f31602ae03cf6339bbab42163c9dc5e
- SHA256
  
  b1137c8074f949bcdbb8dbbe6d41b58cad5518a8e9fcb4fdec2bfa75ff7f3815
- SHA512
  
  8c7503d5c90d1db0a705720ce8453a999209b7bf33faeab3b57e36dce331f2e5254550216d0fe83d8a93707c1834c3b3327ba44d9c4773776ba845156cac220d
- SSDEEP
  
  6144:LT+FQopd7zswMHScIOq1G/PnRnC2CkErfoJ:OFhpUycBqwnRC2gcJ
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2