39c73c4e18d8da48ffec11261d85b1a181fcafa74f3256ca63dd42923ddf8483 | Triage

Sharing

General

Target

e73863406077460ce69b9b025670f8f9_JaffaCakes118
Size

69KB
Sample

240408-l8nfcaaa5t
MD5

e73863406077460ce69b9b025670f8f9
SHA1

18ed6cb24c94b1c090b1bd54c8fd4344708a5bd5
SHA256

39c73c4e18d8da48ffec11261d85b1a181fcafa74f3256ca63dd42923ddf8483
SHA512

e6c894f8d59804f84e29daa2b3bf87eda39585ae11d6761449b6a52428e5146fc9653be31f59f910f0cf950dc64c0b2d640e89aa8ece12f278d7e7a5aef64c40
SSDEEP

768:GgCIGhxgLa1J+9ZWDnBwPQdCgVpudGnsi94+WW/r0va0Mvrr4Ink+JU2zbH3vZLP:GVLheLaUZW0tgVp2+WQrtcILprBLYk

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  e73863406077460ce69b9b025670f8f9_JaffaCakes118
- Size
  
  69KB
- MD5
  
  e73863406077460ce69b9b025670f8f9
- SHA1
  
  18ed6cb24c94b1c090b1bd54c8fd4344708a5bd5
- SHA256
  
  39c73c4e18d8da48ffec11261d85b1a181fcafa74f3256ca63dd42923ddf8483
- SHA512
  
  e6c894f8d59804f84e29daa2b3bf87eda39585ae11d6761449b6a52428e5146fc9653be31f59f910f0cf950dc64c0b2d640e89aa8ece12f278d7e7a5aef64c40
- SSDEEP
  
  768:GgCIGhxgLa1J+9ZWDnBwPQdCgVpudGnsi94+WW/r0va0Mvrr4Ink+JU2zbH3vZLP:GVLheLaUZW0tgVp2+WQrtcILprBLYk
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2