1e2623c17e4955fae07c6763e1b23f3b1d01a4aaac06d307042f29be8ec5cecc | Triage

Sharing

General

Target

f5e2adb6d79eb7bb634f9eed33ff754c_JaffaCakes118
Size

996KB
Sample

240925-nclb8asbmj
MD5

f5e2adb6d79eb7bb634f9eed33ff754c
SHA1

ae8761b0c155588eca69d58def8e46d2a1060f91
SHA256

1e2623c17e4955fae07c6763e1b23f3b1d01a4aaac06d307042f29be8ec5cecc
SHA512

e58c7daca2133292f5b6b672630c3a6fdf1ea7a5dfaee3fe71736e94cd14edb1408970ad700ee6a9b04494be659230a48abda9a0c9671440eb60389ed7287506
SSDEEP

12288:G+ThrE567NIZN5BUIrzJY6Et+3kI7dC3X64P7r9r/+pppppppppppppppppppppt:G4JccI5BUcfEY7hO1qd0B3n1TSZrnBX

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  f5e2adb6d79eb7bb634f9eed33ff754c_JaffaCakes118
- Size
  
  996KB
- MD5
  
  f5e2adb6d79eb7bb634f9eed33ff754c
- SHA1
  
  ae8761b0c155588eca69d58def8e46d2a1060f91
- SHA256
  
  1e2623c17e4955fae07c6763e1b23f3b1d01a4aaac06d307042f29be8ec5cecc
- SHA512
  
  e58c7daca2133292f5b6b672630c3a6fdf1ea7a5dfaee3fe71736e94cd14edb1408970ad700ee6a9b04494be659230a48abda9a0c9671440eb60389ed7287506
- SSDEEP
  
  12288:G+ThrE567NIZN5BUIrzJY6Et+3kI7dC3X64P7r9r/+pppppppppppppppppppppt:G4JccI5BUcfEY7hO1qd0B3n1TSZrnBX
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence