11d1bc2fa54aa5852643ded27e34c70867a26c9485695e86ad8a62af8eb0f757 | Triage

Sharing

General

Target

eaad02c54a4033221e87a693c6d440b5_JaffaCakes118
Size

968KB
Sample

240410-kk3dxshf77
MD5

eaad02c54a4033221e87a693c6d440b5
SHA1

e041e60582ead1c7820797fc6126eda24618c9a1
SHA256

11d1bc2fa54aa5852643ded27e34c70867a26c9485695e86ad8a62af8eb0f757
SHA512

7b036302012b78abc1d243efbb33a0897af2d7d5fb4c9d9aa254a4dbdf1ed38342c2bdf14fb09d16dbb83dc9fd6d7cb28fb9ead3e9fdbca0a3db5a73ea1c483f
SSDEEP

12288:wX/eOyaiqN9ziEUjVNBSXeXTXkyKGLwg3ot/LWDrqrKMFHvZZQWS48cNNE+RWNV:wX/eO4qZSieX5j3ot/Ln1ZZQwbfRQV

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  eaad02c54a4033221e87a693c6d440b5_JaffaCakes118
- Size
  
  968KB
- MD5
  
  eaad02c54a4033221e87a693c6d440b5
- SHA1
  
  e041e60582ead1c7820797fc6126eda24618c9a1
- SHA256
  
  11d1bc2fa54aa5852643ded27e34c70867a26c9485695e86ad8a62af8eb0f757
- SHA512
  
  7b036302012b78abc1d243efbb33a0897af2d7d5fb4c9d9aa254a4dbdf1ed38342c2bdf14fb09d16dbb83dc9fd6d7cb28fb9ead3e9fdbca0a3db5a73ea1c483f
- SSDEEP
  
  12288:wX/eOyaiqN9ziEUjVNBSXeXTXkyKGLwg3ot/LWDrqrKMFHvZZQWS48cNNE+RWNV:wX/eO4qZSieX5j3ot/Ln1ZZQwbfRQV
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2