d590cbff1ecf059718d2426243b4da59d57d4fce684adc71573c9377f6210cd2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2af60c9f78e8ddc96437a2aa495debfc_JaffaCakes118
Size

307KB
Sample

241009-e9a33sxfqp
MD5

2af60c9f78e8ddc96437a2aa495debfc
SHA1

26282f407015d9784792141bdb8edb8ce6e12b1d
SHA256

d590cbff1ecf059718d2426243b4da59d57d4fce684adc71573c9377f6210cd2
SHA512

ecb3c2a1350d2ada31e4a105fce154f42ab1066f3b5a9c524ca20d7fb3b748a4fd7bb61788ffa02d2a709e0bb253cd064c9e034e33b674338d0c242a0c5789ee
SSDEEP

6144:K0vztT72Y0SBzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOxPECYeixlYGic7:K0bh7SSYYsY1UMqMZJYSN7wbstOx8fvB

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  2af60c9f78e8ddc96437a2aa495debfc_JaffaCakes118
- Size
  
  307KB
- MD5
  
  2af60c9f78e8ddc96437a2aa495debfc
- SHA1
  
  26282f407015d9784792141bdb8edb8ce6e12b1d
- SHA256
  
  d590cbff1ecf059718d2426243b4da59d57d4fce684adc71573c9377f6210cd2
- SHA512
  
  ecb3c2a1350d2ada31e4a105fce154f42ab1066f3b5a9c524ca20d7fb3b748a4fd7bb61788ffa02d2a709e0bb253cd064c9e034e33b674338d0c242a0c5789ee
- SSDEEP
  
  6144:K0vztT72Y0SBzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOxPECYeixlYGic7:K0bh7SSYYsY1UMqMZJYSN7wbstOx8fvB
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2