dbc9781b741c15fc3d2e619f988dc4c6e8eb19bf03b364c52cba42e867d8390f | Triage

Sharing

General

Target

14dcad3685454f8e5b6d6a720d25c102_JaffaCakes118
Size

411KB
Sample

241004-zj5vzszdqc
MD5

14dcad3685454f8e5b6d6a720d25c102
SHA1

4cf23d414d7af197a02cd6dd30b5906ecb418933
SHA256

dbc9781b741c15fc3d2e619f988dc4c6e8eb19bf03b364c52cba42e867d8390f
SHA512

f9afe584401910594d361fa6d8c785de093c61d62e6776a97cd55dfe96de99cdd34aa98b2f1c07180eb33e543ebfc5dc58f4a01d9e5598af1a4a574cd4df8471
SSDEEP

6144:9GK72mmVAG1TMpolwHuN2iopMCEMozuAg1A:9phRmIUwHuN2iobEMfVq

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  14dcad3685454f8e5b6d6a720d25c102_JaffaCakes118
- Size
  
  411KB
- MD5
  
  14dcad3685454f8e5b6d6a720d25c102
- SHA1
  
  4cf23d414d7af197a02cd6dd30b5906ecb418933
- SHA256
  
  dbc9781b741c15fc3d2e619f988dc4c6e8eb19bf03b364c52cba42e867d8390f
- SHA512
  
  f9afe584401910594d361fa6d8c785de093c61d62e6776a97cd55dfe96de99cdd34aa98b2f1c07180eb33e543ebfc5dc58f4a01d9e5598af1a4a574cd4df8471
- SSDEEP
  
  6144:9GK72mmVAG1TMpolwHuN2iopMCEMozuAg1A:9phRmIUwHuN2iobEMfVq
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence