6d2280da6202c07301bdc52ea0f79007b9fd05442e8a86827d1e3d3ef5c82c65 | Triage

Sharing

General

Target

f55036f99312dcb6ef87d92857920b8e_JaffaCakes118
Size

221KB
Sample

240925-gdlk2s1dlf
MD5

f55036f99312dcb6ef87d92857920b8e
SHA1

be59ac8edb6735742267b613ef744c9082494500
SHA256

6d2280da6202c07301bdc52ea0f79007b9fd05442e8a86827d1e3d3ef5c82c65
SHA512

8edad9f4c529f9acd6dfc74b04a9ebf448815a9abf4dda1a502d3adb78b24f624af563ff931048cee2cbee19113434e86d95b5846778db8665e92ee96f0820a3
SSDEEP

6144:DFRaz8hTc6iY+kwhKVFFZdGVpUmToMOMlXB:DFRaohTHijkwhYZgUm0H2B

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  f55036f99312dcb6ef87d92857920b8e_JaffaCakes118
- Size
  
  221KB
- MD5
  
  f55036f99312dcb6ef87d92857920b8e
- SHA1
  
  be59ac8edb6735742267b613ef744c9082494500
- SHA256
  
  6d2280da6202c07301bdc52ea0f79007b9fd05442e8a86827d1e3d3ef5c82c65
- SHA512
  
  8edad9f4c529f9acd6dfc74b04a9ebf448815a9abf4dda1a502d3adb78b24f624af563ff931048cee2cbee19113434e86d95b5846778db8665e92ee96f0820a3
- SSDEEP
  
  6144:DFRaz8hTc6iY+kwhKVFFZdGVpUmToMOMlXB:DFRaohTHijkwhYZgUm0H2B
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2