3b731a6eb75535e16f881da6517370e7bf9561838954e5171d43e903bcd61a4e | Triage

Sharing

General

Target

ea85c35da0e0ad4d3af647f14ecde0b7_JaffaCakes118
Size

156KB
Sample

240919-d97llszbmp
MD5

ea85c35da0e0ad4d3af647f14ecde0b7
SHA1

8581ffb38a7b6f03e5db4c38c4c6c4a65f9f8397
SHA256

3b731a6eb75535e16f881da6517370e7bf9561838954e5171d43e903bcd61a4e
SHA512

7e97073c2fb7e730748b5c62bdf77c85486a7940207f59c3f2daedf1d75885ca27b83e95583da31356862a413c1826d910fb90def4358def03f46304c9d24559
SSDEEP

3072:YD1Yk6XEp2j+dneHR0vL5Ed6ybSTkYOgxT5NDXBpX8vaaI:Y2kmwneHa5Ed6GrYOgDjpMM

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ea85c35da0e0ad4d3af647f14ecde0b7_JaffaCakes118
- Size
  
  156KB
- MD5
  
  ea85c35da0e0ad4d3af647f14ecde0b7
- SHA1
  
  8581ffb38a7b6f03e5db4c38c4c6c4a65f9f8397
- SHA256
  
  3b731a6eb75535e16f881da6517370e7bf9561838954e5171d43e903bcd61a4e
- SHA512
  
  7e97073c2fb7e730748b5c62bdf77c85486a7940207f59c3f2daedf1d75885ca27b83e95583da31356862a413c1826d910fb90def4358def03f46304c9d24559
- SSDEEP
  
  3072:YD1Yk6XEp2j+dneHR0vL5Ed6ybSTkYOgxT5NDXBpX8vaaI:Y2kmwneHa5Ed6GrYOgDjpMM
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence