c87ac5f7b9521a3355f60a0b526eac8aba93d41a32d1c16473ab4b5100bfc005 | Triage

Sharing

General

Target

26ed75f24f23cb0d42ada6b200cf99ec_JaffaCakes118
Size

141KB
Sample

241008-299b7sxcrq
MD5

26ed75f24f23cb0d42ada6b200cf99ec
SHA1

71fe1d82dc721478dd4957c27df1c430fd2b7854
SHA256

c87ac5f7b9521a3355f60a0b526eac8aba93d41a32d1c16473ab4b5100bfc005
SHA512

069227b8b1a334ad1e48f20a40d615669c9d9228b7a3fcd01829c9a8d9256a73ed3fe95e5eaf3f24d750f0b0c5218e77a567aa1263f80bd9c02278d954a23fbf
SSDEEP

3072:ZGu9BlfzWIbXWm+w0Jz5iyhC33O+99/ABUC+BciLb1vQyoFYkTNiP4Oy1Ek:Z/0uodC33O29AqCQ14FjRiP4xl

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  26ed75f24f23cb0d42ada6b200cf99ec_JaffaCakes118
- Size
  
  141KB
- MD5
  
  26ed75f24f23cb0d42ada6b200cf99ec
- SHA1
  
  71fe1d82dc721478dd4957c27df1c430fd2b7854
- SHA256
  
  c87ac5f7b9521a3355f60a0b526eac8aba93d41a32d1c16473ab4b5100bfc005
- SHA512
  
  069227b8b1a334ad1e48f20a40d615669c9d9228b7a3fcd01829c9a8d9256a73ed3fe95e5eaf3f24d750f0b0c5218e77a567aa1263f80bd9c02278d954a23fbf
- SSDEEP
  
  3072:ZGu9BlfzWIbXWm+w0Jz5iyhC33O+99/ABUC+BciLb1vQyoFYkTNiP4Oy1Ek:Z/0uodC33O29AqCQ14FjRiP4xl
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence