925c1c5fdf54c0c4c2587b4a9265659294db3a635217e144f188e3cf14a53046 | Triage

Sharing

General

Target

40622f87a39b4ec4edbe61400a1df9d1_JaffaCakes118
Size

295KB
Sample

241013-rwwtva1erh
MD5

40622f87a39b4ec4edbe61400a1df9d1
SHA1

7e84de0408bf457765bd044caf5b2656cf353bf3
SHA256

925c1c5fdf54c0c4c2587b4a9265659294db3a635217e144f188e3cf14a53046
SHA512

9a4fabce8fd2ad1c745fd8cbaab83346df9324b72a01c9aa61a15a7daf0ba6155f0c4bf3b9a08bdea0205d987945b384200200646f20fefa45c62e0335181f4f
SSDEEP

6144:aOAvbvlaZ+Wuv46BtFU3RSoGKqkWQ6FS/zrvgqo+7zVk6t:XkowDg6BtERl5B/gqd

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  40622f87a39b4ec4edbe61400a1df9d1_JaffaCakes118
- Size
  
  295KB
- MD5
  
  40622f87a39b4ec4edbe61400a1df9d1
- SHA1
  
  7e84de0408bf457765bd044caf5b2656cf353bf3
- SHA256
  
  925c1c5fdf54c0c4c2587b4a9265659294db3a635217e144f188e3cf14a53046
- SHA512
  
  9a4fabce8fd2ad1c745fd8cbaab83346df9324b72a01c9aa61a15a7daf0ba6155f0c4bf3b9a08bdea0205d987945b384200200646f20fefa45c62e0335181f4f
- SSDEEP
  
  6144:aOAvbvlaZ+Wuv46BtFU3RSoGKqkWQ6FS/zrvgqo+7zVk6t:XkowDg6BtERl5B/gqd
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2