Overview

overview

10

Static

static

3

65d93c54a1...18.exe

windows7-x64

10

65d93c54a1...18.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    65d93c54a10df5b5a15f43f34d10e667_JaffaCakes118

  • Size

    68KB

  • Sample

    240522-dzbfesaf33

  • MD5

    65d93c54a10df5b5a15f43f34d10e667

  • SHA1

    8c66e12da7c21bdcaec94abbde9d6130fac31f20

  • SHA256

    5844d10558f2461fbf8d40cb5e91c92da2c829cb99da9ba3c88c42d9ce108666

  • SHA512

    aa29ce495abd357b7b394796092cd3b06aa6c6aee9de262abbd7b9f80dec516230919513717df675938b24a48d57d29194dcd9a7e91d0a9efea6b4c73546c5e1

  • SSDEEP

    1536:1T7Yexd1XXXXlCDVuF08+ldlrRPIQMg3k/Tj:F7YexrXXXXlCD58+lBIQMg3k/n

Score
10/10
persistence

Malware Config

Targets

    • Target

      65d93c54a10df5b5a15f43f34d10e667_JaffaCakes118

    • Size

      68KB

    • MD5

      65d93c54a10df5b5a15f43f34d10e667

    • SHA1

      8c66e12da7c21bdcaec94abbde9d6130fac31f20

    • SHA256

      5844d10558f2461fbf8d40cb5e91c92da2c829cb99da9ba3c88c42d9ce108666

    • SHA512

      aa29ce495abd357b7b394796092cd3b06aa6c6aee9de262abbd7b9f80dec516230919513717df675938b24a48d57d29194dcd9a7e91d0a9efea6b4c73546c5e1

    • SSDEEP

      1536:1T7Yexd1XXXXlCDVuF08+ldlrRPIQMg3k/Tj:F7YexrXXXXlCD58+lBIQMg3k/n

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks