d77625702dfab61237a811787615d8876d7e428f8565e4b5bb94aa8570aba91e | Triage

Sharing

General

Target

e15d691eae219c7ad805822744986514_JaffaCakes118
Size

148KB
Sample

240915-a2na8aweqj
MD5

e15d691eae219c7ad805822744986514
SHA1

b00169c8a10fc4da4187f4a324c17005a4cbbb30
SHA256

d77625702dfab61237a811787615d8876d7e428f8565e4b5bb94aa8570aba91e
SHA512

9bf7532f7ab5b04d86d8749de49d869ddef1ba5e27b52b08ae878f7e1f353239836b02cf5d407142b897eeff57b82c290b4ea4ce8bf5d0d02d57e8bfb97fee95
SSDEEP

3072:DMtxw9P+lOi1qNoLC6Rz4nAsJmySXsJjzYIFe2kmY4u:2xi+lz1qSdz41JSmzY32A4u

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  e15d691eae219c7ad805822744986514_JaffaCakes118
- Size
  
  148KB
- MD5
  
  e15d691eae219c7ad805822744986514
- SHA1
  
  b00169c8a10fc4da4187f4a324c17005a4cbbb30
- SHA256
  
  d77625702dfab61237a811787615d8876d7e428f8565e4b5bb94aa8570aba91e
- SHA512
  
  9bf7532f7ab5b04d86d8749de49d869ddef1ba5e27b52b08ae878f7e1f353239836b02cf5d407142b897eeff57b82c290b4ea4ce8bf5d0d02d57e8bfb97fee95
- SSDEEP
  
  3072:DMtxw9P+lOi1qNoLC6Rz4nAsJmySXsJjzYIFe2kmY4u:2xi+lz1qSdz41JSmzY32A4u
Score

10^/10

discovery evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion