98e2a8780587cb0c2249bff816cbdee21eb85b50eafb885b6c7c355753bfd922 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

116ada8d131c3ea569f4ec337abb76b7_JaffaCakes118
Size

507KB
Sample

241004-cnz4zasgre
MD5

116ada8d131c3ea569f4ec337abb76b7
SHA1

791711baef9c9674580151981678acdec12dadcf
SHA256

98e2a8780587cb0c2249bff816cbdee21eb85b50eafb885b6c7c355753bfd922
SHA512

faba1f3cb465a7f708f2e6e2040eb764bb455177af3028d5e893736962620d56ee8e15ea6d029fa04ec625550e95c2589f8c1f3189f337a201af5e007e9c5069
SSDEEP

12288:FymwlPyo+C5IxJ845HYV5sxOH/cccccccea:FKlPDav84a5sxp

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  116ada8d131c3ea569f4ec337abb76b7_JaffaCakes118
- Size
  
  507KB
- MD5
  
  116ada8d131c3ea569f4ec337abb76b7
- SHA1
  
  791711baef9c9674580151981678acdec12dadcf
- SHA256
  
  98e2a8780587cb0c2249bff816cbdee21eb85b50eafb885b6c7c355753bfd922
- SHA512
  
  faba1f3cb465a7f708f2e6e2040eb764bb455177af3028d5e893736962620d56ee8e15ea6d029fa04ec625550e95c2589f8c1f3189f337a201af5e007e9c5069
- SSDEEP
  
  12288:FymwlPyo+C5IxJ845HYV5sxOH/cccccccea:FKlPDav84a5sxp
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence