e42bbc2bbc0fcf5412fe2004aa9d42dbc8fbca4abece8ba1dfd8e9ccb798af51 | Triage

Sharing

General

Target

0b0186920413b879c4e32c29190ad774_JaffaCakes118
Size

321KB
Sample

241002-q9nvqazcjl
MD5

0b0186920413b879c4e32c29190ad774
SHA1

f61aa39cfa4deb05984f8db0679cfb43d1b098d5
SHA256

e42bbc2bbc0fcf5412fe2004aa9d42dbc8fbca4abece8ba1dfd8e9ccb798af51
SHA512

e73cd6d62d7f7ba846057de4a9ee862920b7ac1efb9dc1f3665c0fafcceb2df23fa1c2d9464fd6c07b8f7369c7339d90155eb9afa1830acb36861dbee9c541a2
SSDEEP

6144:AT+FQowd7CswMHScIOq1G/PVRnC2CkErfoFWN:zFhw/ycBqwVRC2gcFU

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  0b0186920413b879c4e32c29190ad774_JaffaCakes118
- Size
  
  321KB
- MD5
  
  0b0186920413b879c4e32c29190ad774
- SHA1
  
  f61aa39cfa4deb05984f8db0679cfb43d1b098d5
- SHA256
  
  e42bbc2bbc0fcf5412fe2004aa9d42dbc8fbca4abece8ba1dfd8e9ccb798af51
- SHA512
  
  e73cd6d62d7f7ba846057de4a9ee862920b7ac1efb9dc1f3665c0fafcceb2df23fa1c2d9464fd6c07b8f7369c7339d90155eb9afa1830acb36861dbee9c541a2
- SSDEEP
  
  6144:AT+FQowd7CswMHScIOq1G/PVRnC2CkErfoFWN:zFhw/ycBqwVRC2gcFU
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2