44baa5aaed9f78e17a1babbc05adc7c216d62094923e0d6a8e63cdb63639ebc5 | Triage

Sharing

General

Target

022957615231378d6c11626438f6b289_JaffaCakes118
Size

375KB
Sample

240930-tfp3gatejn
MD5

022957615231378d6c11626438f6b289
SHA1

12640c19e4aabb92b4ad8719b55c374773e2d8ac
SHA256

44baa5aaed9f78e17a1babbc05adc7c216d62094923e0d6a8e63cdb63639ebc5
SHA512

ebe713c7a7fa8f3db7dd547d81588d712a9a096f3dc8792c04ef4d13c875f495eee3025cd91ea3e07e8be3f467451d2a3f6eeefdd73ee9300e0103827be15433
SSDEEP

6144:ELCJXov/nbDRSVCdUgc6NW5pKpJK4g1lP0ukV/dE:RXU/HmL1jYK4g1lp5

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  022957615231378d6c11626438f6b289_JaffaCakes118
- Size
  
  375KB
- MD5
  
  022957615231378d6c11626438f6b289
- SHA1
  
  12640c19e4aabb92b4ad8719b55c374773e2d8ac
- SHA256
  
  44baa5aaed9f78e17a1babbc05adc7c216d62094923e0d6a8e63cdb63639ebc5
- SHA512
  
  ebe713c7a7fa8f3db7dd547d81588d712a9a096f3dc8792c04ef4d13c875f495eee3025cd91ea3e07e8be3f467451d2a3f6eeefdd73ee9300e0103827be15433
- SSDEEP
  
  6144:ELCJXov/nbDRSVCdUgc6NW5pKpJK4g1lP0ukV/dE:RXU/HmL1jYK4g1lp5
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2