d8e6bfd07b3ddba70c339c414fd723f1090d57c4260f90dcf864403735a07b2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd3b4d200d248efb83a8b34ae213ada1_JaffaCakes118
Size

639KB
Sample

240928-1yywna1cqe
MD5

fd3b4d200d248efb83a8b34ae213ada1
SHA1

dc76368f9993364c5466ffc4d82d8eaf83516a99
SHA256

d8e6bfd07b3ddba70c339c414fd723f1090d57c4260f90dcf864403735a07b2f
SHA512

6192bab78b36039f32af7de376fde951b23e4b23a597876e7a36962ee00dcac723eb8afa9494bf93315fd72ffd25af5cff92818d64091e3c3f9dc508375cb892
SSDEEP

12288:hJU5E21oeVUIM08PoIO4CyU4YH4cMVvYTRzKa9FsOJKUWrNKdsk+:h81tZWC74YHBRhK6zKrNmsk+

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  fd3b4d200d248efb83a8b34ae213ada1_JaffaCakes118
- Size
  
  639KB
- MD5
  
  fd3b4d200d248efb83a8b34ae213ada1
- SHA1
  
  dc76368f9993364c5466ffc4d82d8eaf83516a99
- SHA256
  
  d8e6bfd07b3ddba70c339c414fd723f1090d57c4260f90dcf864403735a07b2f
- SHA512
  
  6192bab78b36039f32af7de376fde951b23e4b23a597876e7a36962ee00dcac723eb8afa9494bf93315fd72ffd25af5cff92818d64091e3c3f9dc508375cb892
- SSDEEP
  
  12288:hJU5E21oeVUIM08PoIO4CyU4YH4cMVvYTRzKa9FsOJKUWrNKdsk+:h81tZWC74YHBRhK6zKrNmsk+
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence