cd197eb9a11d8a9af0ea8a5678abcba188a6ec18a007300be09076e8dde8abb1 | Triage

Sharing

General

Target

063192663d87a484625a982f4a2a0f3a_JaffaCakes118
Size

96KB
Sample

241001-rrq3sstfmq
MD5

063192663d87a484625a982f4a2a0f3a
SHA1

d64e741df9ffbfc48b35fd972e87879bb00eb39e
SHA256

cd197eb9a11d8a9af0ea8a5678abcba188a6ec18a007300be09076e8dde8abb1
SHA512

4c01954a2e311be35d473d96870b46b3afe001539ea2ac1cd373709f20fbf4d29de2cca0efe489ae17eb0d0aff090b819c4a91261919b25cf9f1fe3831151fbb
SSDEEP

1536:l8fGHUrKRtrhcamH7XVkEmiSngrR92SjuJ7cPcj3CnisY3A2ro4dxti/:4GH2KRXc3blXmtnitjuJG6SisYQT4b4/

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  063192663d87a484625a982f4a2a0f3a_JaffaCakes118
- Size
  
  96KB
- MD5
  
  063192663d87a484625a982f4a2a0f3a
- SHA1
  
  d64e741df9ffbfc48b35fd972e87879bb00eb39e
- SHA256
  
  cd197eb9a11d8a9af0ea8a5678abcba188a6ec18a007300be09076e8dde8abb1
- SHA512
  
  4c01954a2e311be35d473d96870b46b3afe001539ea2ac1cd373709f20fbf4d29de2cca0efe489ae17eb0d0aff090b819c4a91261919b25cf9f1fe3831151fbb
- SSDEEP
  
  1536:l8fGHUrKRtrhcamH7XVkEmiSngrR92SjuJ7cPcj3CnisY3A2ro4dxti/:4GH2KRXc3blXmtnitjuJG6SisYQT4b4/
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence