7873b707210e94ff3518c98fb1ec78bb65c9f88d06a3ff3ae3e0a4fc92829ce3 | Triage

Sharing

General

Target

f75e62ac4e669400eb9d0bc0e5cc4975_JaffaCakes118
Size

359KB
Sample

240418-f88hmace62
MD5

f75e62ac4e669400eb9d0bc0e5cc4975
SHA1

eaafae603651df3c5d197cbacd4546986a57fcad
SHA256

7873b707210e94ff3518c98fb1ec78bb65c9f88d06a3ff3ae3e0a4fc92829ce3
SHA512

32554ca518fbf6685ca3bf55cfbc82b70392f086c60ebed5c4b2e248cc4e68d40c657c7cdc31239eedd3b436ae61551b666116d1a979c88b3e5aeddd90621832
SSDEEP

6144:XBnQ+Y3O6wOB1jOwKyIHqbuXseiFaGPYJyQXa1NiVpIInbXkzi6wZRiZZ:XS+16bKyIHqbQ3iNPyzENiVFKwno

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  f75e62ac4e669400eb9d0bc0e5cc4975_JaffaCakes118
- Size
  
  359KB
- MD5
  
  f75e62ac4e669400eb9d0bc0e5cc4975
- SHA1
  
  eaafae603651df3c5d197cbacd4546986a57fcad
- SHA256
  
  7873b707210e94ff3518c98fb1ec78bb65c9f88d06a3ff3ae3e0a4fc92829ce3
- SHA512
  
  32554ca518fbf6685ca3bf55cfbc82b70392f086c60ebed5c4b2e248cc4e68d40c657c7cdc31239eedd3b436ae61551b666116d1a979c88b3e5aeddd90621832
- SSDEEP
  
  6144:XBnQ+Y3O6wOB1jOwKyIHqbuXseiFaGPYJyQXa1NiVpIInbXkzi6wZRiZZ:XS+16bKyIHqbQ3iNPyzENiVFKwno
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2