d7fc1f5b163c6d5b0e083f25e47b1407f56e8498424097bcfb6f4509f4e1a4fa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37766471985740459a9104e6675e0387_JaffaCakes118
Size

351KB
Sample

241011-31mmhswbjp
MD5

37766471985740459a9104e6675e0387
SHA1

f7a7afba1ec754e04b9684055cee820b620f1fee
SHA256

d7fc1f5b163c6d5b0e083f25e47b1407f56e8498424097bcfb6f4509f4e1a4fa
SHA512

851d9b13fea7f4683a2fbcbe2e17a511c30860bf84c620356503abd6cf35b51b66e6f1e1a338170a041986bfc27d2dad44342fac03066a2ca26b442e66f89588
SSDEEP

6144:Z3c4cg0RO2MPN3g893hr/NM7194n4BNO5gMutlRCw5ZIcL0I:ZiBTMFQ893hr/eHwuO+ow5ZIC

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  37766471985740459a9104e6675e0387_JaffaCakes118
- Size
  
  351KB
- MD5
  
  37766471985740459a9104e6675e0387
- SHA1
  
  f7a7afba1ec754e04b9684055cee820b620f1fee
- SHA256
  
  d7fc1f5b163c6d5b0e083f25e47b1407f56e8498424097bcfb6f4509f4e1a4fa
- SHA512
  
  851d9b13fea7f4683a2fbcbe2e17a511c30860bf84c620356503abd6cf35b51b66e6f1e1a338170a041986bfc27d2dad44342fac03066a2ca26b442e66f89588
- SSDEEP
  
  6144:Z3c4cg0RO2MPN3g893hr/NM7194n4BNO5gMutlRCw5ZIcL0I:ZiBTMFQ893hr/eHwuO+ow5ZIC
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2