c74352cabb614b2c83810fe7aa73fe019643e26d5b1c757fa37cead27eb38d90 | Triage

Sharing

General

Target

34d9239b092ca2c492a4a0f7f9040931_JaffaCakes118
Size

333KB
Sample

241011-pw444ssfkb
MD5

34d9239b092ca2c492a4a0f7f9040931
SHA1

be486c46b3d7c9e5a11825ee2736bda755a51794
SHA256

c74352cabb614b2c83810fe7aa73fe019643e26d5b1c757fa37cead27eb38d90
SHA512

55c283513491483f8b8b97757d146b2e3f780dfc6077ed21eba59af694c820caa06205cf69a2bdd28ede81b3a1da70763401e881a037eb15bf8dbc44940f8f15
SSDEEP

6144:G+7bXCvIAZX/Y4UVNTuzkg2ffUKiZDwK2HNa+9R9yWW1:L1QX/hI9ck3UfhwK2t/9vyWq

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  34d9239b092ca2c492a4a0f7f9040931_JaffaCakes118
- Size
  
  333KB
- MD5
  
  34d9239b092ca2c492a4a0f7f9040931
- SHA1
  
  be486c46b3d7c9e5a11825ee2736bda755a51794
- SHA256
  
  c74352cabb614b2c83810fe7aa73fe019643e26d5b1c757fa37cead27eb38d90
- SHA512
  
  55c283513491483f8b8b97757d146b2e3f780dfc6077ed21eba59af694c820caa06205cf69a2bdd28ede81b3a1da70763401e881a037eb15bf8dbc44940f8f15
- SSDEEP
  
  6144:G+7bXCvIAZX/Y4UVNTuzkg2ffUKiZDwK2HNa+9R9yWW1:L1QX/hI9ck3UfhwK2t/9vyWq
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2