General
Target: ea750a226072079994408384841174ac_JaffaCakes118
Size: 309KB
Sample: 240919-detq9sxdlg
MD5: ea750a226072079994408384841174ac
SHA1: b692ba9a2e3b2d5cc1c1656fc4a9b0f08d4834e9
SHA256: 68e599077e7b9cb5c7104d4967667071ff43e9f3d7983678ec32171c37061fa3
SHA512: 70c4eb7798f76dd139e70f890a4f16933d45824b4225e13a438c0e71b0ecd7ac18b777c80b861a4f86c836a6eecb73c0f1cf50a06b082e8f1746ff2c4ed397cc
SSDEEP: 6144:kKezh9KNPCA/n7o+fZJMKgkN/99Cz9kZVlvmFJ2B:k3zFA/7oUJTRWxS42B
Static task: static1
Behavioral task: behavioral1
Sample: ea750a226072079994408384841174ac_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ea750a226072079994408384841174ac_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: ea750a226072079994408384841174ac_JaffaCakes118
Score: 8/10
Adds policy Run key to start application
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 3
Active Setup: 1
Registry Run Keys / Startup Folder: 2
Privilege Escalation
Boot or Logon Autostart Execution: 3
Active Setup: 1
Registry Run Keys / Startup Folder: 2