ae30d329e495c17a41c54c796af438b0a07c37a81f7ba4b79f3d8f265463a11a | Triage

Sharing

General

Target

ea97c74f02325c3b1a607bb528260cc6_JaffaCakes118
Size

298KB
Sample

240919-e6jwta1dme
MD5

ea97c74f02325c3b1a607bb528260cc6
SHA1

09025935a40c21779a7ffbf875c81b2a4c962c47
SHA256

ae30d329e495c17a41c54c796af438b0a07c37a81f7ba4b79f3d8f265463a11a
SHA512

b35f34a4b09d96a9e86b5cde6b3b8050d4b7bdb9402b3f68f554e49496bbd9ec97426b6bc8de5cd0c62d96a2f39488ea1f48355d12b86b21d04bd1eefcbe1a77
SSDEEP

6144:Y0+N1vcAwzqEybL8eIiqLnFHcua12BM6SZMIEKYq5/yM:LSyAXJ8e8LXo6MCKYq5/N

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ea97c74f02325c3b1a607bb528260cc6_JaffaCakes118
- Size
  
  298KB
- MD5
  
  ea97c74f02325c3b1a607bb528260cc6
- SHA1
  
  09025935a40c21779a7ffbf875c81b2a4c962c47
- SHA256
  
  ae30d329e495c17a41c54c796af438b0a07c37a81f7ba4b79f3d8f265463a11a
- SHA512
  
  b35f34a4b09d96a9e86b5cde6b3b8050d4b7bdb9402b3f68f554e49496bbd9ec97426b6bc8de5cd0c62d96a2f39488ea1f48355d12b86b21d04bd1eefcbe1a77
- SSDEEP
  
  6144:Y0+N1vcAwzqEybL8eIiqLnFHcua12BM6SZMIEKYq5/yM:LSyAXJ8e8LXo6MCKYq5/N
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2