8f74d92f040b8aa98f9c673b0819911701a9041d748a0a3bf5d4aac5ab0451b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

edc52ce0f1f9ced626f56f0cb50b28ce_JaffaCakes118
Size

64KB
Sample

240411-s4gwbshg7t
MD5

edc52ce0f1f9ced626f56f0cb50b28ce
SHA1

b8be8733e8eb669015166070faaa47487882c98f
SHA256

8f74d92f040b8aa98f9c673b0819911701a9041d748a0a3bf5d4aac5ab0451b9
SHA512

6a5982835d10d05d347ed29344f142ba37b2345a82957cfa6b67987e9414f68769bd65968b559e3deca89196b04fd3ff3eb3950abd38fa78618e5a129ec09981
SSDEEP

768:F5ZqFKo4DuMu4rXNqYxHI7OczfCHbNu0lGN24ubYD5CJn+QOp6QfWk+JBQ/u6gEl:FzqFE1FbNdqnDIZuAzb5J46Jk/Fgo3

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  edc52ce0f1f9ced626f56f0cb50b28ce_JaffaCakes118
- Size
  
  64KB
- MD5
  
  edc52ce0f1f9ced626f56f0cb50b28ce
- SHA1
  
  b8be8733e8eb669015166070faaa47487882c98f
- SHA256
  
  8f74d92f040b8aa98f9c673b0819911701a9041d748a0a3bf5d4aac5ab0451b9
- SHA512
  
  6a5982835d10d05d347ed29344f142ba37b2345a82957cfa6b67987e9414f68769bd65968b559e3deca89196b04fd3ff3eb3950abd38fa78618e5a129ec09981
- SSDEEP
  
  768:F5ZqFKo4DuMu4rXNqYxHI7OczfCHbNu0lGN24ubYD5CJn+QOp6QfWk+JBQ/u6gEl:FzqFE1FbNdqnDIZuAzb5J46Jk/Fgo3
Score

10^/10

upx persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2