7ef502136eae8b19d3c44fabfe592babfbe18e438a73797f2f8e656889dea1f0 | Triage

Sharing

General

Target

ffb5c9480616c75b7bb83689d5e1d661_JaffaCakes118
Size

181KB
Sample

240930-b8ne8swbjc
MD5

ffb5c9480616c75b7bb83689d5e1d661
SHA1

21420a1536f75be5016aa5bdc2142f4a81da2362
SHA256

7ef502136eae8b19d3c44fabfe592babfbe18e438a73797f2f8e656889dea1f0
SHA512

1ac84fd1be755cd5d1219f8099f60c2e8637c965683a09d94bbc938b23f77fb4b5b404a015383a8e90a723bcb1426500b0b97089eae100dc6cea7ca5ce2a358d
SSDEEP

3072:Rnj9PtfUKINndIc0Jr59BaimO/XHY1raezD1C6Pt/vW5BjWJ+afm0YY0JfNcPfbf:RjneifE0/XI+efAfjWJ+QIfNgKDFdq

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ffb5c9480616c75b7bb83689d5e1d661_JaffaCakes118
- Size
  
  181KB
- MD5
  
  ffb5c9480616c75b7bb83689d5e1d661
- SHA1
  
  21420a1536f75be5016aa5bdc2142f4a81da2362
- SHA256
  
  7ef502136eae8b19d3c44fabfe592babfbe18e438a73797f2f8e656889dea1f0
- SHA512
  
  1ac84fd1be755cd5d1219f8099f60c2e8637c965683a09d94bbc938b23f77fb4b5b404a015383a8e90a723bcb1426500b0b97089eae100dc6cea7ca5ce2a358d
- SSDEEP
  
  3072:Rnj9PtfUKINndIc0Jr59BaimO/XHY1raezD1C6Pt/vW5BjWJ+afm0YY0JfNcPfbf:RjneifE0/XI+efAfjWJ+QIfNgKDFdq
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence