34fcba4452dc0b94072ec6c1a8a60d7acb3752aa91a52108d86778fe80f61c16 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0126f815e6a4f736820eba013a7ea14a_JaffaCakes118
Size

287KB
Sample

240930-nxz14stcpn
MD5

0126f815e6a4f736820eba013a7ea14a
SHA1

36c3fb9400512c24004d82fb6f3fde2b8be821dd
SHA256

34fcba4452dc0b94072ec6c1a8a60d7acb3752aa91a52108d86778fe80f61c16
SHA512

9046762fe99dd89df5cc8d6d295bbb1dbeca8d570ffb302bac19a5477aa14a428b0ab90cf15787d60d53e1f1d6f9e3980ffd5e9eb132c8f0472c66d8cac62ba5
SSDEEP

6144:/PTkNHl/WTcNi1zcdY9TonQEkKc3ybTh9gVY:/Pwj9NitcdY9k9cifR

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  Spedizione.Pdf______________________________________________________________.exe
- Size
  
  396KB
- MD5
  
  12955af2da9ace5672c64894760a4589
- SHA1
  
  22f5fb4dd500e522db97b647a6ec9fa77f326ce3
- SHA256
  
  9e3db9fb270ee9120d4b91a8ffb93837ccdf784fd5af2b38f1e1430963105459
- SHA512
  
  1412228b06d93e97198a3d0f8574bede963ff5eaad573a686e58d03bab598bb8eaccd14e64fb793082b5a31ca041365e27c12c21ae4babcfad63cbfa56b5f4a4
- SSDEEP
  
  6144:YZH4b+NfzAb8sMcvx8GkxR1HgFmTzmXwFQSUEGlEjMtVPhAW:tbE8FRZ8D1HBQw+Sklfj
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2