60d944fc9d35d169fd198227eb7e9798433f4fbdd0fd6fe1a5ab19d5aa5951c7 | Triage

Sharing

General

Target

03ba0d5523356aa0fd71fa7968f379b8_JaffaCakes118
Size

351KB
Sample

241001-ah1r7swakh
MD5

03ba0d5523356aa0fd71fa7968f379b8
SHA1

da21a08cfdad488dd5efe50fc5d6968f177cb1ff
SHA256

60d944fc9d35d169fd198227eb7e9798433f4fbdd0fd6fe1a5ab19d5aa5951c7
SHA512

0b88231bb2b51008ceed877234bf299ef9d9e44544eb96650ea729e62311a7250751dbb5af62d99e149bd8edd305aef0d64fef0e108c068400129fe2cca514d2
SSDEEP

6144:78lhUbjntPDo/OQlpKz8O6KEO+MTKbJ4RQjjJxEI0Xh7PblyzY:Awt7oPaz8Vtxy4jFQ7jlys

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  03ba0d5523356aa0fd71fa7968f379b8_JaffaCakes118
- Size
  
  351KB
- MD5
  
  03ba0d5523356aa0fd71fa7968f379b8
- SHA1
  
  da21a08cfdad488dd5efe50fc5d6968f177cb1ff
- SHA256
  
  60d944fc9d35d169fd198227eb7e9798433f4fbdd0fd6fe1a5ab19d5aa5951c7
- SHA512
  
  0b88231bb2b51008ceed877234bf299ef9d9e44544eb96650ea729e62311a7250751dbb5af62d99e149bd8edd305aef0d64fef0e108c068400129fe2cca514d2
- SSDEEP
  
  6144:78lhUbjntPDo/OQlpKz8O6KEO+MTKbJ4RQjjJxEI0Xh7PblyzY:Awt7oPaz8Vtxy4jFQ7jlys
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence