15816fcd6991b899cffb62fbd50540486ebc98a1ef7665550b03fdae3da1d1de | Triage

Resubmissions

14/10/2024, 12:47

241014-p1c67azhrk 8

10/07/2024, 09:06

240710-k25wda1clg 8

Sharing

General

Target

3416662c26c7191fecd3f3765bae9c23_JaffaCakes118
Size

232KB
Sample

241014-p1c67azhrk
MD5

3416662c26c7191fecd3f3765bae9c23
SHA1

cac9667f6bac1b9c30475738cb6991514f96704e
SHA256

15816fcd6991b899cffb62fbd50540486ebc98a1ef7665550b03fdae3da1d1de
SHA512

eed835bd7ba27f528adb1576fffcccce11c96f92ceec8bfdf1181a03a869af11c9b10cebc345d716e50d119fc275aacefae2fe64f2a2fda8090b566c11fb564a
SSDEEP

6144:PhfSszaWrLhEqZuBySX2O5inpIXp85nCXT:owawJuBys24awC

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  3416662c26c7191fecd3f3765bae9c23_JaffaCakes118
- Size
  
  232KB
- MD5
  
  3416662c26c7191fecd3f3765bae9c23
- SHA1
  
  cac9667f6bac1b9c30475738cb6991514f96704e
- SHA256
  
  15816fcd6991b899cffb62fbd50540486ebc98a1ef7665550b03fdae3da1d1de
- SHA512
  
  eed835bd7ba27f528adb1576fffcccce11c96f92ceec8bfdf1181a03a869af11c9b10cebc345d716e50d119fc275aacefae2fe64f2a2fda8090b566c11fb564a
- SSDEEP
  
  6144:PhfSszaWrLhEqZuBySX2O5inpIXp85nCXT:owawJuBys24awC
Score

8^/10

discovery evasion persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence