59b21806ebe9545bf79f1d066a923bfde0e47b606125b855f1d5a0618d13c634 | Triage

Sharing

General

Target

ff5a6d75428b42b94881b656d65aa6a4_JaffaCakes118
Size

333KB
Sample

240929-z79tva1ejq
MD5

ff5a6d75428b42b94881b656d65aa6a4
SHA1

199b66001dbb8c7778811bb2d65e3efbb8b55f92
SHA256

59b21806ebe9545bf79f1d066a923bfde0e47b606125b855f1d5a0618d13c634
SHA512

fe44ad0d2a9b928b9761a5f3d6e06733b241145355dea2a98fa8758342fd698e2252de0b2b0c92e293922fce0a5039117caa8812db7993ff8d094c3a877627a0
SSDEEP

6144:oIWf3OhjikGhVZI7iJJ3y3KC1BGctYLBRNQPW3:oIWf+hji1VZIOJJ3khBGJL+PU

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ff5a6d75428b42b94881b656d65aa6a4_JaffaCakes118
- Size
  
  333KB
- MD5
  
  ff5a6d75428b42b94881b656d65aa6a4
- SHA1
  
  199b66001dbb8c7778811bb2d65e3efbb8b55f92
- SHA256
  
  59b21806ebe9545bf79f1d066a923bfde0e47b606125b855f1d5a0618d13c634
- SHA512
  
  fe44ad0d2a9b928b9761a5f3d6e06733b241145355dea2a98fa8758342fd698e2252de0b2b0c92e293922fce0a5039117caa8812db7993ff8d094c3a877627a0
- SSDEEP
  
  6144:oIWf3OhjikGhVZI7iJJ3y3KC1BGctYLBRNQPW3:oIWf+hji1VZIOJJ3khBGJL+PU
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2