5f3732efb3484fb8610ad818a4c254f4d32c8944fd65754dbd2e62d67cc4572d | Triage

Sharing

General

Target

fc9649d3bf05c31afe83473567ef946f_JaffaCakes118
Size

2.1MB
Sample

240928-ss4kysvglc
MD5

fc9649d3bf05c31afe83473567ef946f
SHA1

8cdb3aa7dd6bb8c723f9449f2a57016264626c2b
SHA256

5f3732efb3484fb8610ad818a4c254f4d32c8944fd65754dbd2e62d67cc4572d
SHA512

4d44a1483b625cc1c13bff931528534686ed67bce27d65a43a7f8e8f5392d917df99ad066efe923f1675eb45c9a616e7eebb599eea03b4ba5883692cc52764cc
SSDEEP

12288:ExtSDS54HDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDo:E4njTuauW+7gbyCZQJh8KZddOLmr

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  fc9649d3bf05c31afe83473567ef946f_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  fc9649d3bf05c31afe83473567ef946f
- SHA1
  
  8cdb3aa7dd6bb8c723f9449f2a57016264626c2b
- SHA256
  
  5f3732efb3484fb8610ad818a4c254f4d32c8944fd65754dbd2e62d67cc4572d
- SHA512
  
  4d44a1483b625cc1c13bff931528534686ed67bce27d65a43a7f8e8f5392d917df99ad066efe923f1675eb45c9a616e7eebb599eea03b4ba5883692cc52764cc
- SSDEEP
  
  12288:ExtSDS54HDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDo:E4njTuauW+7gbyCZQJh8KZddOLmr
Score

10^/10

discovery evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence