498cea45e4cd6ee432e71943548de2861e75062b5d1e4101da66d14c515004b4 | Triage

Sharing

General

Target

ea749825dbeff15b30a733c4505514fb_JaffaCakes118
Size

152KB
Sample

240919-dd14ysxdjb
MD5

ea749825dbeff15b30a733c4505514fb
SHA1

983cf7614bccf1f9dc736912747ec2cd3f5e3627
SHA256

498cea45e4cd6ee432e71943548de2861e75062b5d1e4101da66d14c515004b4
SHA512

c3c8e3f1c13ffeee3b6df6fb8fd62f2a96c26f224aa862d47e1d3960bd8d7132df131a3d0388756ad8efd6464284221b19ff7dfd4b8e38bd3bdbff0c827c2025
SSDEEP

3072:TJjlBdwsu7LTaoczAyTB316K9VeHgH/cnAIEm8WfLMKI2esSnXDlzMV:TJjTqD/Nc0yT7AH+cAIEm8OMKzeZnXDg

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ea749825dbeff15b30a733c4505514fb_JaffaCakes118
- Size
  
  152KB
- MD5
  
  ea749825dbeff15b30a733c4505514fb
- SHA1
  
  983cf7614bccf1f9dc736912747ec2cd3f5e3627
- SHA256
  
  498cea45e4cd6ee432e71943548de2861e75062b5d1e4101da66d14c515004b4
- SHA512
  
  c3c8e3f1c13ffeee3b6df6fb8fd62f2a96c26f224aa862d47e1d3960bd8d7132df131a3d0388756ad8efd6464284221b19ff7dfd4b8e38bd3bdbff0c827c2025
- SSDEEP
  
  3072:TJjlBdwsu7LTaoczAyTB316K9VeHgH/cnAIEm8WfLMKI2esSnXDlzMV:TJjTqD/Nc0yT7AH+cAIEm8OMKzeZnXDg
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence