ed29ea9721540a5aee4a62a7d7de25a70e0822e5bb9ab7417a136f2aa505bc9a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd5e881646a03dc1050d9dee5422a1a2_JaffaCakes118
Size

56KB
Sample

240913-bdc11swcja
MD5

dd5e881646a03dc1050d9dee5422a1a2
SHA1

bd1c1b09b8d19c7b372ce8785d3daeae0716a329
SHA256

ed29ea9721540a5aee4a62a7d7de25a70e0822e5bb9ab7417a136f2aa505bc9a
SHA512

ace3b7d3c12f19599d60246e17c6ac260334f203481579765f69ba2f3064679662de11b6732b76ce06e31a2753c3b7ba2d485d34492bd30ef3a2ddba7c4495b0
SSDEEP

768:lLtH0iWeJotH3YuAik4WLXm63dkEtBBPg0xZazFDTjXE:lib4oVlJk4WLjXtBBPg0xIzFDvE

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  dd5e881646a03dc1050d9dee5422a1a2_JaffaCakes118
- Size
  
  56KB
- MD5
  
  dd5e881646a03dc1050d9dee5422a1a2
- SHA1
  
  bd1c1b09b8d19c7b372ce8785d3daeae0716a329
- SHA256
  
  ed29ea9721540a5aee4a62a7d7de25a70e0822e5bb9ab7417a136f2aa505bc9a
- SHA512
  
  ace3b7d3c12f19599d60246e17c6ac260334f203481579765f69ba2f3064679662de11b6732b76ce06e31a2753c3b7ba2d485d34492bd30ef3a2ddba7c4495b0
- SSDEEP
  
  768:lLtH0iWeJotH3YuAik4WLXm63dkEtBBPg0xZazFDTjXE:lib4oVlJk4WLjXtBBPg0xIzFDvE
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2