c0127e867067179c3bbbb36d2e0e94efa81c9273b83cccc58cdfb0ea09f828c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13fad2c68e2d753ae102018731ced8ed_JaffaCakes118
Size

416KB
Sample

241004-s87mjssfmq
MD5

13fad2c68e2d753ae102018731ced8ed
SHA1

d50f3f1a2ba6ff35bdf2d8056a251a0006a07893
SHA256

c0127e867067179c3bbbb36d2e0e94efa81c9273b83cccc58cdfb0ea09f828c2
SHA512

722cdc064cc3f47a06c3117747d85212edf09fc22c58d75801faba93d0d82f9cbf857ee8599d95e92475268e5054733beac846c4a555777c1456004a2955b2bc
SSDEEP

6144:jz882aT/Fsbzgv5HNjOM42jn7wOUJHDqEqecTT:j4jI/Fs6ZRFUpcXT

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  13fad2c68e2d753ae102018731ced8ed_JaffaCakes118
- Size
  
  416KB
- MD5
  
  13fad2c68e2d753ae102018731ced8ed
- SHA1
  
  d50f3f1a2ba6ff35bdf2d8056a251a0006a07893
- SHA256
  
  c0127e867067179c3bbbb36d2e0e94efa81c9273b83cccc58cdfb0ea09f828c2
- SHA512
  
  722cdc064cc3f47a06c3117747d85212edf09fc22c58d75801faba93d0d82f9cbf857ee8599d95e92475268e5054733beac846c4a555777c1456004a2955b2bc
- SSDEEP
  
  6144:jz882aT/Fsbzgv5HNjOM42jn7wOUJHDqEqecTT:j4jI/Fs6ZRFUpcXT
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2