c6ec37b122f1e1cac21b03e08823ea24581d67e61a76f346a02d59b328031b08 | Triage

Sharing

General

Target

fd8f161933611c0637c6b778146b52f3_JaffaCakes118
Size

355KB
Sample

240929-b6r1msvfqk
MD5

fd8f161933611c0637c6b778146b52f3
SHA1

851b646701bb2187589ebd79015b2b3bd8107885
SHA256

c6ec37b122f1e1cac21b03e08823ea24581d67e61a76f346a02d59b328031b08
SHA512

45d2d66e6376873260df51d700eb4f86c1410001f77ebdf8d018b11219984b8b523df5a7432bd89e11bdb869f4b92bc944dffae188083f2cb1104875a88dec39
SSDEEP

6144:Lvc/MQ3xemTjk1lythqRSLWjeMnvXdhUirU9mbn6o61I:Lk/Max8SLWyO/duyU9mbqS

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  fd8f161933611c0637c6b778146b52f3_JaffaCakes118
- Size
  
  355KB
- MD5
  
  fd8f161933611c0637c6b778146b52f3
- SHA1
  
  851b646701bb2187589ebd79015b2b3bd8107885
- SHA256
  
  c6ec37b122f1e1cac21b03e08823ea24581d67e61a76f346a02d59b328031b08
- SHA512
  
  45d2d66e6376873260df51d700eb4f86c1410001f77ebdf8d018b11219984b8b523df5a7432bd89e11bdb869f4b92bc944dffae188083f2cb1104875a88dec39
- SSDEEP
  
  6144:Lvc/MQ3xemTjk1lythqRSLWjeMnvXdhUirU9mbn6o61I:Lk/Max8SLWyO/duyU9mbqS
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2