742177d870475f601c0813ec66829b562f90b9ff94522db0d4504b952d2392e9 | Triage

Sharing

General

Target

e9d2513226f067473b8a7be8fb3690a9_JaffaCakes118
Size

321KB
Sample

240918-x5m6ysyfqc
MD5

e9d2513226f067473b8a7be8fb3690a9
SHA1

026be9126ffd39591f39c9e06bda3a07d95db95c
SHA256

742177d870475f601c0813ec66829b562f90b9ff94522db0d4504b952d2392e9
SHA512

ff05cb41808d26862f2920797fa12af5f104547e7cff4d2a43ed9302c0bd3eda6f354552021d9b563503fff388e30b59f48b6e0128ca89ff61f9f6865e36db8c
SSDEEP

6144:/T+FQotd7PswMHScIOq1G/PFRnC2CkErfoW:SFhtgycBqwFRC2gcW

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  e9d2513226f067473b8a7be8fb3690a9_JaffaCakes118
- Size
  
  321KB
- MD5
  
  e9d2513226f067473b8a7be8fb3690a9
- SHA1
  
  026be9126ffd39591f39c9e06bda3a07d95db95c
- SHA256
  
  742177d870475f601c0813ec66829b562f90b9ff94522db0d4504b952d2392e9
- SHA512
  
  ff05cb41808d26862f2920797fa12af5f104547e7cff4d2a43ed9302c0bd3eda6f354552021d9b563503fff388e30b59f48b6e0128ca89ff61f9f6865e36db8c
- SSDEEP
  
  6144:/T+FQotd7PswMHScIOq1G/PFRnC2CkErfoW:SFhtgycBqwFRC2gcW
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2