c3e6584d25916d1d217ebb1f52f5789b49faf3b84b4c4073d7c85f87c41d3fe1 | Triage

Sharing

General

Target

ff1da159e18030eac3d514abffded2d1_JaffaCakes118
Size

335KB
Sample

240929-w2tnwsvejn
MD5

ff1da159e18030eac3d514abffded2d1
SHA1

0a2dff7a50b77230d87bfa82e3c59adc22900685
SHA256

c3e6584d25916d1d217ebb1f52f5789b49faf3b84b4c4073d7c85f87c41d3fe1
SHA512

548b93242d5afa7a7fa254135beddaac777cd05d6e90161e6d4d07fc36d3c41f0aa65684fd9531360feb23e7baf82094e6381b7a2eaab81c0a64e0aa3739c332
SSDEEP

6144:7DXD/LBcEG3tr5zppfdre1vYcCFU7z7zs0cPWwbAKrjN5LYLEDczC:7DXD/qEottNreLCF+XevN5LqE/

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ff1da159e18030eac3d514abffded2d1_JaffaCakes118
- Size
  
  335KB
- MD5
  
  ff1da159e18030eac3d514abffded2d1
- SHA1
  
  0a2dff7a50b77230d87bfa82e3c59adc22900685
- SHA256
  
  c3e6584d25916d1d217ebb1f52f5789b49faf3b84b4c4073d7c85f87c41d3fe1
- SHA512
  
  548b93242d5afa7a7fa254135beddaac777cd05d6e90161e6d4d07fc36d3c41f0aa65684fd9531360feb23e7baf82094e6381b7a2eaab81c0a64e0aa3739c332
- SSDEEP
  
  6144:7DXD/LBcEG3tr5zppfdre1vYcCFU7z7zs0cPWwbAKrjN5LYLEDczC:7DXD/qEottNreLCF+XevN5LqE/
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2