General
-
Target
JaffaCakes118_174a0af7130de7e7ee2186f175169566
-
Size
339KB
-
Sample
250222-e7hedaymdp
-
MD5
174a0af7130de7e7ee2186f175169566
-
SHA1
72e106d3ce7b6aecf7999d35b32e348ea96374c7
-
SHA256
58c17c858bf92c2a3cf564b7890bf244112533d9cd47c917f7eca6ca2c5cb0e5
-
SHA512
3f18f8a4034e35d53153a1029f324d3109a766db355e73a3bab2ade32740097cca573beef7e25412e9f74e9835fc549f50c4e05abe2e208b3136ca7d3e4ff204
-
SSDEEP
6144:fvYx1V1g6NhSr2Hg2Hg2HBcbJDV9yZB5HdEuQcn3+GI+cKqCPoTQxy7dzo:fQnVq6HSrXX3JHyZL9EGOGILvGyNto
Malware Config
Targets
-
-
Target
JaffaCakes118_174a0af7130de7e7ee2186f175169566
-
Size
339KB
-
MD5
174a0af7130de7e7ee2186f175169566
-
SHA1
72e106d3ce7b6aecf7999d35b32e348ea96374c7
-
SHA256
58c17c858bf92c2a3cf564b7890bf244112533d9cd47c917f7eca6ca2c5cb0e5
-
SHA512
3f18f8a4034e35d53153a1029f324d3109a766db355e73a3bab2ade32740097cca573beef7e25412e9f74e9835fc549f50c4e05abe2e208b3136ca7d3e4ff204
-
SSDEEP
6144:fvYx1V1g6NhSr2Hg2Hg2HBcbJDV9yZB5HdEuQcn3+GI+cKqCPoTQxy7dzo:fQnVq6HSrXX3JHyZL9EGOGILvGyNto
Score8/10-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2