140b6a94300ae3033e33e6c7a98f0bf64ddf669926cd1c7b3315c3f3fac6f031 | Triage

Sharing

General

Target

e0c5cf2f3842d8ee76c1209304c90b03_JaffaCakes118
Size

423KB
Sample

240914-w22z9syeqc
MD5

e0c5cf2f3842d8ee76c1209304c90b03
SHA1

5c849ec994803c11ccbf845474793076e3ed7750
SHA256

140b6a94300ae3033e33e6c7a98f0bf64ddf669926cd1c7b3315c3f3fac6f031
SHA512

7a63a3fb0e50862cb1ac406fc4ea203ba6a7c865291fef6efab7e38269db18f72e7917395a446ab353a0e8507281d328e89c4a15ee9eb7c592a238d63047deb1
SSDEEP

6144:uWrd4M+9IlrTo/6Zcn4T2wKO+y56SPDtpatLKw/HvP+6V+2ltjUDBEiTuNiF1x2W:uapoU2wmy56sp9w/3rqyjohvE0/

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  e0c5cf2f3842d8ee76c1209304c90b03_JaffaCakes118
- Size
  
  423KB
- MD5
  
  e0c5cf2f3842d8ee76c1209304c90b03
- SHA1
  
  5c849ec994803c11ccbf845474793076e3ed7750
- SHA256
  
  140b6a94300ae3033e33e6c7a98f0bf64ddf669926cd1c7b3315c3f3fac6f031
- SHA512
  
  7a63a3fb0e50862cb1ac406fc4ea203ba6a7c865291fef6efab7e38269db18f72e7917395a446ab353a0e8507281d328e89c4a15ee9eb7c592a238d63047deb1
- SSDEEP
  
  6144:uWrd4M+9IlrTo/6Zcn4T2wKO+y56SPDtpatLKw/HvP+6V+2ltjUDBEiTuNiF1x2W:uapoU2wmy56sp9w/3rqyjohvE0/
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence