e60164d938a58fb1cb736cd395dfa9c7db0126d4f3c326c48fe47372c9151f41 | Triage

Sharing

General

Target

27fcf2b5cea97e7f0b46efc56c4e51d3_JaffaCakes118
Size

132KB
Sample

241009-a63xgavgkl
MD5

27fcf2b5cea97e7f0b46efc56c4e51d3
SHA1

3ed676010997f7b0784c3969a5e625ab8460fecc
SHA256

e60164d938a58fb1cb736cd395dfa9c7db0126d4f3c326c48fe47372c9151f41
SHA512

ba81363c7db6a5e84745702c7cb11d2273aab352110e6a09c12ffa102b27f0f80e2170881cdc869e7c7d7d132999e540c98332317205e1edbdeed755849f6660
SSDEEP

1536:5TvlubSHe/jHLsh6LctKWH0gEtWTE/rli5Z1nWvjI4TWRtss+cfWAY+/Vb2XmzfH:5cbFvLctKWAW8AB8baRts4WNg2Xmav

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  27fcf2b5cea97e7f0b46efc56c4e51d3_JaffaCakes118
- Size
  
  132KB
- MD5
  
  27fcf2b5cea97e7f0b46efc56c4e51d3
- SHA1
  
  3ed676010997f7b0784c3969a5e625ab8460fecc
- SHA256
  
  e60164d938a58fb1cb736cd395dfa9c7db0126d4f3c326c48fe47372c9151f41
- SHA512
  
  ba81363c7db6a5e84745702c7cb11d2273aab352110e6a09c12ffa102b27f0f80e2170881cdc869e7c7d7d132999e540c98332317205e1edbdeed755849f6660
- SSDEEP
  
  1536:5TvlubSHe/jHLsh6LctKWH0gEtWTE/rli5Z1nWvjI4TWRtss+cfWAY+/Vb2XmzfH:5cbFvLctKWAW8AB8baRts4WNg2Xmav
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence