891fe6f51ac61812dc142598ec7290ae72a0f3ec639c0aad461bdb36eba8d612 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ec31e63c5e4c60baafc5600b34eb807_JaffaCakes118
Size

380KB
Sample

241009-ljsc1aygkd
MD5

2ec31e63c5e4c60baafc5600b34eb807
SHA1

e7d9be33a542a5c27612e26ce9294902457a6716
SHA256

891fe6f51ac61812dc142598ec7290ae72a0f3ec639c0aad461bdb36eba8d612
SHA512

005a13d3621a07ddf735897cb39f4d556e71205952d7048388380f0e6e0db69810688775b74d8ee2f61bb97b75c3dd7d64b67df80fc8d42b978e5c94ff165bab
SSDEEP

6144:5EzQdSWr2I6DPc5NJ0n8vIz3Y3ZSze2QpchpE0J1HZBh4kHIe:jSW6DEwTKEdB1HZA+

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  2ec31e63c5e4c60baafc5600b34eb807_JaffaCakes118
- Size
  
  380KB
- MD5
  
  2ec31e63c5e4c60baafc5600b34eb807
- SHA1
  
  e7d9be33a542a5c27612e26ce9294902457a6716
- SHA256
  
  891fe6f51ac61812dc142598ec7290ae72a0f3ec639c0aad461bdb36eba8d612
- SHA512
  
  005a13d3621a07ddf735897cb39f4d556e71205952d7048388380f0e6e0db69810688775b74d8ee2f61bb97b75c3dd7d64b67df80fc8d42b978e5c94ff165bab
- SSDEEP
  
  6144:5EzQdSWr2I6DPc5NJ0n8vIz3Y3ZSze2QpchpE0J1HZBh4kHIe:jSW6DEwTKEdB1HZA+
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2