eb6e6cdc1938ce18d7ab7b222ef38e6c82ccc78244f63b93d2b94c46c8ad12e2 | Triage

Sharing

General

Target

d49024573cb0763c1b33259ddbf4dd72_JaffaCakes118
Size

182KB
Sample

240908-rre1jatake
MD5

d49024573cb0763c1b33259ddbf4dd72
SHA1

01d977d66d665978ea921ee04c874ca7d16c3dbb
SHA256

eb6e6cdc1938ce18d7ab7b222ef38e6c82ccc78244f63b93d2b94c46c8ad12e2
SHA512

2a868b0a7fb7370363ee2e8d22eca5fd603035a1b11ca8b7736f48111068af6ef5fc0c94db7a96b341e24f63a26e5e0622eb5758215348360b5693bc2d2c28b1
SSDEEP

3072:0rkR5Qp0mB63UtF1xZTV6HT7bIq1j1FbbTS/GzDMts:04R5Z2BtIgm5S/YIq

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  d49024573cb0763c1b33259ddbf4dd72_JaffaCakes118
- Size
  
  182KB
- MD5
  
  d49024573cb0763c1b33259ddbf4dd72
- SHA1
  
  01d977d66d665978ea921ee04c874ca7d16c3dbb
- SHA256
  
  eb6e6cdc1938ce18d7ab7b222ef38e6c82ccc78244f63b93d2b94c46c8ad12e2
- SHA512
  
  2a868b0a7fb7370363ee2e8d22eca5fd603035a1b11ca8b7736f48111068af6ef5fc0c94db7a96b341e24f63a26e5e0622eb5758215348360b5693bc2d2c28b1
- SSDEEP
  
  3072:0rkR5Qp0mB63UtF1xZTV6HT7bIq1j1FbbTS/GzDMts:04R5Z2BtIgm5S/YIq
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2