209ec7469c5ece74a902fd13cac9b4889f2d618678ccdb11950be7914fd916d4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe767c656e1aa35b5745307e63477e6c_JaffaCakes118
Size

21KB
Sample

240929-nyagvawgjg
MD5

fe767c656e1aa35b5745307e63477e6c
SHA1

dc2b989ac9c033753b3ab31187265f15428c0eb9
SHA256

209ec7469c5ece74a902fd13cac9b4889f2d618678ccdb11950be7914fd916d4
SHA512

94cbd5e8e47bf8b1e307e2b1704d61ed59391933fa10cb2beb82d53d5f3f05d6e1479c05b0d60aa0c54ce6e71eed3a6049b19209537c7c8585037c4e91285155
SSDEEP

384:6my52PZgQFB9GK04aJ7XU8v9Otwloy0Vm2Xj2XBPpl:vypFK0407XU5MoE2Tq1p

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  fe767c656e1aa35b5745307e63477e6c_JaffaCakes118
- Size
  
  21KB
- MD5
  
  fe767c656e1aa35b5745307e63477e6c
- SHA1
  
  dc2b989ac9c033753b3ab31187265f15428c0eb9
- SHA256
  
  209ec7469c5ece74a902fd13cac9b4889f2d618678ccdb11950be7914fd916d4
- SHA512
  
  94cbd5e8e47bf8b1e307e2b1704d61ed59391933fa10cb2beb82d53d5f3f05d6e1479c05b0d60aa0c54ce6e71eed3a6049b19209537c7c8585037c4e91285155
- SSDEEP
  
  384:6my52PZgQFB9GK04aJ7XU8v9Otwloy0Vm2Xj2XBPpl:vypFK0407XU5MoE2Tq1p
Score

8^/10

discovery persistence
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence