6563676a6e564ecb6b9956582463f50f1e12dec283854194a23c0b723a2d7f3f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d53b30e16baa95ba9a438f648bbd91b3_JaffaCakes118
Size

301KB
Sample

240908-2r9j9asala
MD5

d53b30e16baa95ba9a438f648bbd91b3
SHA1

6e424da84d5e51726948ebe539513b7b68a9fd69
SHA256

6563676a6e564ecb6b9956582463f50f1e12dec283854194a23c0b723a2d7f3f
SHA512

32905ca78683f52e37b2991c96f27c238ca675ed9c71f022dbccb0fa2acfdaf6ea06793322f30fbb37892d536882bac390a5aa9cfe76e2971f24cbb52d6a5593
SSDEEP

6144:BtuIDebxqdSzpWPu7g/Hc2dwv/rCPCE+nPTzojQNHJCO/ZUDfQ6w6BumW01QO:BttDx8kt/Hcmwv/rCK1nCQNHJHwsmumH

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  d53b30e16baa95ba9a438f648bbd91b3_JaffaCakes118
- Size
  
  301KB
- MD5
  
  d53b30e16baa95ba9a438f648bbd91b3
- SHA1
  
  6e424da84d5e51726948ebe539513b7b68a9fd69
- SHA256
  
  6563676a6e564ecb6b9956582463f50f1e12dec283854194a23c0b723a2d7f3f
- SHA512
  
  32905ca78683f52e37b2991c96f27c238ca675ed9c71f022dbccb0fa2acfdaf6ea06793322f30fbb37892d536882bac390a5aa9cfe76e2971f24cbb52d6a5593
- SSDEEP
  
  6144:BtuIDebxqdSzpWPu7g/Hc2dwv/rCPCE+nPTzojQNHJCO/ZUDfQ6w6BumW01QO:BttDx8kt/Hcmwv/rCK1nCQNHJHwsmumH
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2