bc954435ed9d3bcab7e1bb69555e55cc415644df52bcaabe9e6279eda890ee67 | Triage

Sharing

General

Target

JaffaCakes118_981c8f56687eac9b65acfe9bad3d3bda
Size

8KB
Sample

250204-zmgmka1qfz
MD5

981c8f56687eac9b65acfe9bad3d3bda
SHA1

b0957feb8109326efec8b274ae5f1599086d748b
SHA256

bc954435ed9d3bcab7e1bb69555e55cc415644df52bcaabe9e6279eda890ee67
SHA512

e1b331335954f1908cfa7124086b18abb21483c7c373fdd79e0bdb7c6675a40f4eca8a07a08422022e181d8a9ec7df5c14b0303e61af78d5db7bea60317ee1c0
SSDEEP

192:nrOdgf2BbCzlP5XOqG9xwIAtRm/60mAPhK1ru:qg2BbsxG9P+Rmi0nK

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_981c8f56687eac9b65acfe9bad3d3bda
- Size
  
  8KB
- MD5
  
  981c8f56687eac9b65acfe9bad3d3bda
- SHA1
  
  b0957feb8109326efec8b274ae5f1599086d748b
- SHA256
  
  bc954435ed9d3bcab7e1bb69555e55cc415644df52bcaabe9e6279eda890ee67
- SHA512
  
  e1b331335954f1908cfa7124086b18abb21483c7c373fdd79e0bdb7c6675a40f4eca8a07a08422022e181d8a9ec7df5c14b0303e61af78d5db7bea60317ee1c0
- SSDEEP
  
  192:nrOdgf2BbCzlP5XOqG9xwIAtRm/60mAPhK1ru:qg2BbsxG9P+Rmi0nK
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence