3bf9419fcc04fe18a9722baff7f1296e800dac616e1f97435039deb650f2e3b6 | Triage

Sharing

General

Target

d504487ff0dbdf5cd7ddcb7ba11a3c95_JaffaCakes118
Size

295KB
Sample

240908-yl22favfrb
MD5

d504487ff0dbdf5cd7ddcb7ba11a3c95
SHA1

b9c710b4a952b98a6279c9dc9522b09d683486e3
SHA256

3bf9419fcc04fe18a9722baff7f1296e800dac616e1f97435039deb650f2e3b6
SHA512

1d3186c6fe629845ae1e7770bfe8adf68e6ab1d6532a61dfa5c6fb1f797251f0ba397466e51d01abb57b98cc306f0eaa44df76dd782097687f484067e211c3f7
SSDEEP

6144:UiGtsLWAlqNC+B+1PTG/qm/PgCnmUSFMhl44+M/oI293Kj:LGtsLNt+s1PTEn/iUSFM84+rI26j

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  d504487ff0dbdf5cd7ddcb7ba11a3c95_JaffaCakes118
- Size
  
  295KB
- MD5
  
  d504487ff0dbdf5cd7ddcb7ba11a3c95
- SHA1
  
  b9c710b4a952b98a6279c9dc9522b09d683486e3
- SHA256
  
  3bf9419fcc04fe18a9722baff7f1296e800dac616e1f97435039deb650f2e3b6
- SHA512
  
  1d3186c6fe629845ae1e7770bfe8adf68e6ab1d6532a61dfa5c6fb1f797251f0ba397466e51d01abb57b98cc306f0eaa44df76dd782097687f484067e211c3f7
- SSDEEP
  
  6144:UiGtsLWAlqNC+B+1PTG/qm/PgCnmUSFMhl44+M/oI293Kj:LGtsLNt+s1PTEn/iUSFM84+rI26j
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2