efe89e4ae67a1a92284e29fcccf29b4c58aa947a9c38005410a9fcaafa5e1a63 | Triage

Sharing

General

Target

d43701b37ba732f2ff5ed08383661328_JaffaCakes118
Size

312KB
Sample

240908-m62qmaselr
MD5

d43701b37ba732f2ff5ed08383661328
SHA1

981263e5607f5e19feca498267cfbd8356d12433
SHA256

efe89e4ae67a1a92284e29fcccf29b4c58aa947a9c38005410a9fcaafa5e1a63
SHA512

8dc2e6681bcd1de5f06964f080f4812e57126f0dfdaf13941a25eb56a60ef66ef20a8e80dbcd152e120c13e304251b7e3901238265d68c820b45b0c2bbb23c3d
SSDEEP

6144:zyOuBlo8dCyd1dUhAE74jvaG66xegV+/mJC63WIOP+tN1JB5fnKf:zsdjaUq6QgV+OvSPG175fKf

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  d43701b37ba732f2ff5ed08383661328_JaffaCakes118
- Size
  
  312KB
- MD5
  
  d43701b37ba732f2ff5ed08383661328
- SHA1
  
  981263e5607f5e19feca498267cfbd8356d12433
- SHA256
  
  efe89e4ae67a1a92284e29fcccf29b4c58aa947a9c38005410a9fcaafa5e1a63
- SHA512
  
  8dc2e6681bcd1de5f06964f080f4812e57126f0dfdaf13941a25eb56a60ef66ef20a8e80dbcd152e120c13e304251b7e3901238265d68c820b45b0c2bbb23c3d
- SSDEEP
  
  6144:zyOuBlo8dCyd1dUhAE74jvaG66xegV+/mJC63WIOP+tN1JB5fnKf:zsdjaUq6QgV+OvSPG175fKf
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2