d4a0a627c9ddadaf2232805d682732010dd8d13b7eab2ff87d5c7c783a98b9cc | Triage

Sharing

General

Target

f7029eb484c4f940467948bff63dd122_JaffaCakes118
Size

69KB
Sample

240418-b1zhjagg2x
MD5

f7029eb484c4f940467948bff63dd122
SHA1

33e41a6131482f7c1bf0de186d490b28b3ab781c
SHA256

d4a0a627c9ddadaf2232805d682732010dd8d13b7eab2ff87d5c7c783a98b9cc
SHA512

132d29c3972487b16868dc1670a9df7157bb560e6962b7157835d6c81728dc201cee79dabb1752b92f4a86e790bdb712bf93fc65d354699c8b4a346d4f06dff0
SSDEEP

1536:gQB/05ztGtYfnPlxZQZs3lKXMLxuvXwJyQAv1r:HB/eN/d7l08xaXwJF

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  f7029eb484c4f940467948bff63dd122_JaffaCakes118
- Size
  
  69KB
- MD5
  
  f7029eb484c4f940467948bff63dd122
- SHA1
  
  33e41a6131482f7c1bf0de186d490b28b3ab781c
- SHA256
  
  d4a0a627c9ddadaf2232805d682732010dd8d13b7eab2ff87d5c7c783a98b9cc
- SHA512
  
  132d29c3972487b16868dc1670a9df7157bb560e6962b7157835d6c81728dc201cee79dabb1752b92f4a86e790bdb712bf93fc65d354699c8b4a346d4f06dff0
- SSDEEP
  
  1536:gQB/05ztGtYfnPlxZQZs3lKXMLxuvXwJyQAv1r:HB/eN/d7l08xaXwJF
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2