fb287c16a916eaacb3780b73943dba9bfe42e58c2dab0708e175cffc1c2a7fe1 | Triage

Sharing

General

Target

16b7b830069f2537fc920c4dbbd13981_JaffaCakes118
Size

86KB
Sample

241005-h8qc6axane
MD5

16b7b830069f2537fc920c4dbbd13981
SHA1

56b27c92299b08342a33550fbb74672eaab4102c
SHA256

fb287c16a916eaacb3780b73943dba9bfe42e58c2dab0708e175cffc1c2a7fe1
SHA512

220130536311773bf373101bea51cefeacaea1f3b43c0080447a1ecf96a11b39724234dd41ddc02f573f0df6adc330cb20f69ecbb44b1d6323e107e7e7605ed3
SSDEEP

1536:01Rjr6PKT/wJNr0aCraUFMM40dE6N9gE1QetDwOpF0Sj:01RjuW/sCWUF+0/9TQcDwO3Nj

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  16b7b830069f2537fc920c4dbbd13981_JaffaCakes118
- Size
  
  86KB
- MD5
  
  16b7b830069f2537fc920c4dbbd13981
- SHA1
  
  56b27c92299b08342a33550fbb74672eaab4102c
- SHA256
  
  fb287c16a916eaacb3780b73943dba9bfe42e58c2dab0708e175cffc1c2a7fe1
- SHA512
  
  220130536311773bf373101bea51cefeacaea1f3b43c0080447a1ecf96a11b39724234dd41ddc02f573f0df6adc330cb20f69ecbb44b1d6323e107e7e7605ed3
- SSDEEP
  
  1536:01Rjr6PKT/wJNr0aCraUFMM40dE6N9gE1QetDwOpF0Sj:01RjuW/sCWUF+0/9TQcDwO3Nj
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence