c2645ce37da145b2e6f8ba5ec7701d889f8443493608eb99b7ef19a895400406 | Triage

Sharing

General

Target

JaffaCakes118_9822411d877e4ae07c8c3dce7f666f8b
Size

25KB
Sample

250204-zpb5vs1rew
MD5

9822411d877e4ae07c8c3dce7f666f8b
SHA1

cf3870f3167a86ff9bcc0d68168aef554533cf6b
SHA256

c2645ce37da145b2e6f8ba5ec7701d889f8443493608eb99b7ef19a895400406
SHA512

8aa372d4d04433c32aa6de8debcda42f98af06646a00d4dc5505c9116a185364ff514f9a3e15d4b482f1f21edaeaa15b5d8b7ee6e3582fdcec57bf7fda625309
SSDEEP

384:xOatY0mgb3gkcbutzcqlRCuPKn3yRgKPBxtVcl0pFtGtif:xOsJmgb3GKyoRJKCR/v/cl0pFtGtA

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_9822411d877e4ae07c8c3dce7f666f8b
- Size
  
  25KB
- MD5
  
  9822411d877e4ae07c8c3dce7f666f8b
- SHA1
  
  cf3870f3167a86ff9bcc0d68168aef554533cf6b
- SHA256
  
  c2645ce37da145b2e6f8ba5ec7701d889f8443493608eb99b7ef19a895400406
- SHA512
  
  8aa372d4d04433c32aa6de8debcda42f98af06646a00d4dc5505c9116a185364ff514f9a3e15d4b482f1f21edaeaa15b5d8b7ee6e3582fdcec57bf7fda625309
- SSDEEP
  
  384:xOatY0mgb3gkcbutzcqlRCuPKn3yRgKPBxtVcl0pFtGtif:xOsJmgb3GKyoRJKCR/v/cl0pFtGtA
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence