a1637dbe8b381cf5bc142a13bc8803bd8ad1cc38ca5580195affea3a186b9edc | Triage

Sharing

General

Target

eaa2475e90232a404f955407d743fe90_JaffaCakes118
Size

443KB
Sample

240919-fpjp6asdnr
MD5

eaa2475e90232a404f955407d743fe90
SHA1

3f853949f48429e5a83e8f4a4dfa79ab8a472428
SHA256

a1637dbe8b381cf5bc142a13bc8803bd8ad1cc38ca5580195affea3a186b9edc
SHA512

d656f54cbae3e644945f6caa8732289a2cd75796fe51b809bc61912529ae620ae373992deeeddd48bc88bd1f199415302fc092c453863c1ecf9b55be341e928f
SSDEEP

6144:/bzzv2J/jXGI/q3PW1yzF3ty5w9GhxQqdaV2i/eRoPJ5ln6Zd8HxSe2l:y7SqMz8QqdXi/eRoPThC

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  eaa2475e90232a404f955407d743fe90_JaffaCakes118
- Size
  
  443KB
- MD5
  
  eaa2475e90232a404f955407d743fe90
- SHA1
  
  3f853949f48429e5a83e8f4a4dfa79ab8a472428
- SHA256
  
  a1637dbe8b381cf5bc142a13bc8803bd8ad1cc38ca5580195affea3a186b9edc
- SHA512
  
  d656f54cbae3e644945f6caa8732289a2cd75796fe51b809bc61912529ae620ae373992deeeddd48bc88bd1f199415302fc092c453863c1ecf9b55be341e928f
- SSDEEP
  
  6144:/bzzv2J/jXGI/q3PW1yzF3ty5w9GhxQqdaV2i/eRoPJ5ln6Zd8HxSe2l:y7SqMz8QqdXi/eRoPThC
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2