c96843b605bccb7c7846ba2c156dea3154f6764a391e20ad5b3bc3ba43408909 | Triage

Sharing

General

Target

ead1127bd0bb34c58c8307ee206970ec_JaffaCakes118
Size

64KB
Sample

240919-hxdvzswhlk
MD5

ead1127bd0bb34c58c8307ee206970ec
SHA1

4af8a23f8b0bbbd41fdb3aaba1d91ad689ed6373
SHA256

c96843b605bccb7c7846ba2c156dea3154f6764a391e20ad5b3bc3ba43408909
SHA512

cf963a2cfeac176ce5dbb91201c7fc3f1080fd8879e690608a498b08c904a0d2dab32b360a3f2369d66fba7e0bc62744c8dfc0613f7135c67d2cbcc212d47864
SSDEEP

768:HtpegE1E1F3EIFtNagS0NvU1iwO8LJADzIdlNdZ55MaF3u8wQR/nge/JODS3:HtpluE11t4gSOvPwO8LnlJdVBjMS3

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ead1127bd0bb34c58c8307ee206970ec_JaffaCakes118
- Size
  
  64KB
- MD5
  
  ead1127bd0bb34c58c8307ee206970ec
- SHA1
  
  4af8a23f8b0bbbd41fdb3aaba1d91ad689ed6373
- SHA256
  
  c96843b605bccb7c7846ba2c156dea3154f6764a391e20ad5b3bc3ba43408909
- SHA512
  
  cf963a2cfeac176ce5dbb91201c7fc3f1080fd8879e690608a498b08c904a0d2dab32b360a3f2369d66fba7e0bc62744c8dfc0613f7135c67d2cbcc212d47864
- SSDEEP
  
  768:HtpegE1E1F3EIFtNagS0NvU1iwO8LJADzIdlNdZ55MaF3u8wQR/nge/JODS3:HtpluE11t4gSOvPwO8LnlJdVBjMS3
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence