f5e8da04f38c6403006e9e1f98dd567ea3956424bcfeddf6fd404602c69c7a97 | Triage

Sharing

General

Target

168943620b6188590b4722822e71cfd1_JaffaCakes118
Size

20KB
Sample

241005-g9a47azhnn
MD5

168943620b6188590b4722822e71cfd1
SHA1

c34e31ef4d8ac2b5034ec7348e7dd277d01b37db
SHA256

f5e8da04f38c6403006e9e1f98dd567ea3956424bcfeddf6fd404602c69c7a97
SHA512

d32215484992b0771f48b008286bf89dd25ba66dedb6cb1946e39d3394fcd78266e0569b72b72e14a7155cf2285a672889c9c73c74ce16378d227ae3b7b53e40
SSDEEP

192:A1smtURopKLb2JlQJiLb5QGf7yD3pgLGA8pBaH1lJFw5qxLGCvU:EsLRopKHulQwLdZ2Vgy2H3JFjG

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  168943620b6188590b4722822e71cfd1_JaffaCakes118
- Size
  
  20KB
- MD5
  
  168943620b6188590b4722822e71cfd1
- SHA1
  
  c34e31ef4d8ac2b5034ec7348e7dd277d01b37db
- SHA256
  
  f5e8da04f38c6403006e9e1f98dd567ea3956424bcfeddf6fd404602c69c7a97
- SHA512
  
  d32215484992b0771f48b008286bf89dd25ba66dedb6cb1946e39d3394fcd78266e0569b72b72e14a7155cf2285a672889c9c73c74ce16378d227ae3b7b53e40
- SSDEEP
  
  192:A1smtURopKLb2JlQJiLb5QGf7yD3pgLGA8pBaH1lJFw5qxLGCvU:EsLRopKHulQwLdZ2Vgy2H3JFjG
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2