6404a55618bbd0d09de1ff75d4254097529f50be539e0acc4f919ad8924e7166 | Triage

Sharing

General

Target

f6ad3e81a2a2a0a13f92b9eb6ef9e079_JaffaCakes118
Size

191KB
Sample

240925-xtp66svhnc
MD5

f6ad3e81a2a2a0a13f92b9eb6ef9e079
SHA1

8ad2585ac6ea428cb26a5c8deaf00145322fd433
SHA256

6404a55618bbd0d09de1ff75d4254097529f50be539e0acc4f919ad8924e7166
SHA512

1e0204ae8947d7ab7debdf15dfeb7ed3832ec41a7f24b89a9455c5e57da836a3953213870b6dcc078f840771e6b781493f7636b327a66c3164eb01690865a728
SSDEEP

3072:nz2HEk0K2TNRG31mIp+NPqDLyU+J1A1VrZu1GEQk23QXZnB826YVt4zHd965:n630jTpS+NCHTu1+FZuEZiJCsVtAHK

Score

7^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  f6ad3e81a2a2a0a13f92b9eb6ef9e079_JaffaCakes118
- Size
  
  191KB
- MD5
  
  f6ad3e81a2a2a0a13f92b9eb6ef9e079
- SHA1
  
  8ad2585ac6ea428cb26a5c8deaf00145322fd433
- SHA256
  
  6404a55618bbd0d09de1ff75d4254097529f50be539e0acc4f919ad8924e7166
- SHA512
  
  1e0204ae8947d7ab7debdf15dfeb7ed3832ec41a7f24b89a9455c5e57da836a3953213870b6dcc078f840771e6b781493f7636b327a66c3164eb01690865a728
- SSDEEP
  
  3072:nz2HEk0K2TNRG31mIp+NPqDLyU+J1A1VrZu1GEQk23QXZnB826YVt4zHd965:n630jTpS+NCHTu1+FZuEZiJCsVtAHK
Score

7^/10

discovery persistence upx
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2