1dad932e8f9c5c0b2ff1fd7576638d0f9ab7e9a16c778709426f4ed0c676cdd9 | Triage

Sharing

General

Target

ea88491da04af9b09050cf2f5026801d_JaffaCakes118
Size

704KB
Sample

240919-eec9yszdpj
MD5

ea88491da04af9b09050cf2f5026801d
SHA1

bc808485e6cf28f4f98a79bcbb12c30ec12cd5dc
SHA256

1dad932e8f9c5c0b2ff1fd7576638d0f9ab7e9a16c778709426f4ed0c676cdd9
SHA512

089b95ecf425b559bcd2a7c93f18595dbe1ddc7450a9cf4b421c360198c62b916ff1da382c6d289d240b4790738923392ad3d7f11281b468d1b2785780347311
SSDEEP

12288:bXYZbbIvcQ+zxBcz5RrNrERFJcXqSLpn8c3Fw6sxEIu:bIdIvj+zPcz5RhrERFJcv1n/sxEI

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  ea88491da04af9b09050cf2f5026801d_JaffaCakes118
- Size
  
  704KB
- MD5
  
  ea88491da04af9b09050cf2f5026801d
- SHA1
  
  bc808485e6cf28f4f98a79bcbb12c30ec12cd5dc
- SHA256
  
  1dad932e8f9c5c0b2ff1fd7576638d0f9ab7e9a16c778709426f4ed0c676cdd9
- SHA512
  
  089b95ecf425b559bcd2a7c93f18595dbe1ddc7450a9cf4b421c360198c62b916ff1da382c6d289d240b4790738923392ad3d7f11281b468d1b2785780347311
- SSDEEP
  
  12288:bXYZbbIvcQ+zxBcz5RrNrERFJcXqSLpn8c3Fw6sxEIu:bIdIvj+zPcz5RhrERFJcv1n/sxEI
Score

8^/10

discovery evasion persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence