dd76d31441f4d6e5185d04c88b28979ac3fc21df51b14a5cc2a545fd98fb8a59 | Triage

Sharing

General

Target

d985a689baead468fe923e07fde823d3_JaffaCakes118
Size

20KB
Sample

240911-dtc23azcmr
MD5

d985a689baead468fe923e07fde823d3
SHA1

25b292036a460e06fef94a40a0a278717a27876a
SHA256

dd76d31441f4d6e5185d04c88b28979ac3fc21df51b14a5cc2a545fd98fb8a59
SHA512

74e147d2bcd3d8c5b61c003f18e3d6ec50bc4657fda185c9767d9c4c9b73a1f5f9220fa690863ac8d6899b7f5f980d073e8f0007c7bebf87d2b68561981cfd36
SSDEEP

192:0vx0YOqbspKLb1R5oifTdzKiQxl5/IOyLJodzQyzoVouazrsf6oyhH8o:KwpKHH5DfpUrIHJoxsVyz4Soy58o

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  d985a689baead468fe923e07fde823d3_JaffaCakes118
- Size
  
  20KB
- MD5
  
  d985a689baead468fe923e07fde823d3
- SHA1
  
  25b292036a460e06fef94a40a0a278717a27876a
- SHA256
  
  dd76d31441f4d6e5185d04c88b28979ac3fc21df51b14a5cc2a545fd98fb8a59
- SHA512
  
  74e147d2bcd3d8c5b61c003f18e3d6ec50bc4657fda185c9767d9c4c9b73a1f5f9220fa690863ac8d6899b7f5f980d073e8f0007c7bebf87d2b68561981cfd36
- SSDEEP
  
  192:0vx0YOqbspKLb1R5oifTdzKiQxl5/IOyLJodzQyzoVouazrsf6oyhH8o:KwpKHH5DfpUrIHJoxsVyz4Soy58o
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2