fc49d751251de2614b093d49233d04b9ad4127a49cce34fad48af38dd04a44d2 | Triage

Sharing

General

Target

e1056c51c067e1e6d097033e7e73f7c7_JaffaCakes118
Size

377KB
Sample

240914-zrxvcawblk
MD5

e1056c51c067e1e6d097033e7e73f7c7
SHA1

669afb85c080496b1b24410110cefed2641519d3
SHA256

fc49d751251de2614b093d49233d04b9ad4127a49cce34fad48af38dd04a44d2
SHA512

63a060c6945c84c620fefa196472654753ad91cbb63588ccaaf366f51a9726c3f03c09f24b50831684c27891ddb532bc783a14e8fbbf37f28a9d2f778922bcbc
SSDEEP

6144:YB8kev8CcOsW1D8fBUHEv8a6dRPMfbt4xb7s5evZq/Ve2:YmkevXfsgofyHHREfbSbfvZc

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  e1056c51c067e1e6d097033e7e73f7c7_JaffaCakes118
- Size
  
  377KB
- MD5
  
  e1056c51c067e1e6d097033e7e73f7c7
- SHA1
  
  669afb85c080496b1b24410110cefed2641519d3
- SHA256
  
  fc49d751251de2614b093d49233d04b9ad4127a49cce34fad48af38dd04a44d2
- SHA512
  
  63a060c6945c84c620fefa196472654753ad91cbb63588ccaaf366f51a9726c3f03c09f24b50831684c27891ddb532bc783a14e8fbbf37f28a9d2f778922bcbc
- SSDEEP
  
  6144:YB8kev8CcOsW1D8fBUHEv8a6dRPMfbt4xb7s5evZq/Ve2:YmkevXfsgofyHHREfbSbfvZc
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2