7bb2e5f8bcf6ee91fc65dcdd9617827fcf6ea9b31708b260f6c4fd3593c98f73 | Triage

Sharing

General

Target

409d1a6ef6366d783a25eb3f1810178f_JaffaCakes118
Size

20KB
Sample

241013-stem8axhjj
MD5

409d1a6ef6366d783a25eb3f1810178f
SHA1

63c41f0f94fe69875ea318caf1dd54c83f852514
SHA256

7bb2e5f8bcf6ee91fc65dcdd9617827fcf6ea9b31708b260f6c4fd3593c98f73
SHA512

c3db7abe0a42ca10aeeb84c6aebe63f87c678282b27939af62e2402db5ce95bfa67886c1a875cec8ab4671f6cbac3510f2143b1edca6df15521d74289dea65e6
SSDEEP

384:wvCCFpKHC+4k6mS6+/KgLS+Q/7EqWvXg:wvCjHCfxmSBJSr/Qq

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  409d1a6ef6366d783a25eb3f1810178f_JaffaCakes118
- Size
  
  20KB
- MD5
  
  409d1a6ef6366d783a25eb3f1810178f
- SHA1
  
  63c41f0f94fe69875ea318caf1dd54c83f852514
- SHA256
  
  7bb2e5f8bcf6ee91fc65dcdd9617827fcf6ea9b31708b260f6c4fd3593c98f73
- SHA512
  
  c3db7abe0a42ca10aeeb84c6aebe63f87c678282b27939af62e2402db5ce95bfa67886c1a875cec8ab4671f6cbac3510f2143b1edca6df15521d74289dea65e6
- SSDEEP
  
  384:wvCCFpKHC+4k6mS6+/KgLS+Q/7EqWvXg:wvCjHCfxmSBJSr/Qq
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2