9f204f2742254624026ae6fb7f416f1780d76ff2850c87de089a287c648ab3d5 | Triage

Sharing

General

Target

f6c20990f3634ca6bb129f1838934752_JaffaCakes118
Size

351KB
Sample

240925-ypyhesvdjj
MD5

f6c20990f3634ca6bb129f1838934752
SHA1

7a2dc769b5aecd6ea98dfc1814a633d23e8a0450
SHA256

9f204f2742254624026ae6fb7f416f1780d76ff2850c87de089a287c648ab3d5
SHA512

8c305ebf8aa9109c05de73f11ec2fdc6f23833feb0f0bb50c6509b78b0b3a3062ed8b0687bdb59734bbd42c279b0dc347467a4f6f16de6eb8e8e9d501161367e
SSDEEP

6144:Z3c4cg0RO2MjR63xbvpjEB14sVo5d53XJJYAW1MISGSFcov:ZiBTMo3xbvpoa5T35JjWrSGecQ

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  f6c20990f3634ca6bb129f1838934752_JaffaCakes118
- Size
  
  351KB
- MD5
  
  f6c20990f3634ca6bb129f1838934752
- SHA1
  
  7a2dc769b5aecd6ea98dfc1814a633d23e8a0450
- SHA256
  
  9f204f2742254624026ae6fb7f416f1780d76ff2850c87de089a287c648ab3d5
- SHA512
  
  8c305ebf8aa9109c05de73f11ec2fdc6f23833feb0f0bb50c6509b78b0b3a3062ed8b0687bdb59734bbd42c279b0dc347467a4f6f16de6eb8e8e9d501161367e
- SSDEEP
  
  6144:Z3c4cg0RO2MjR63xbvpjEB14sVo5d53XJJYAW1MISGSFcov:ZiBTMo3xbvpoa5T35JjWrSGecQ
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2