36a4251b94d63145e3c99aa6ede2ffa727bd78c5ff83255b0928b7c0c934ce61 | Triage

Sharing

General

Target

063862283efc1a22008008cb542301a6_JaffaCakes118
Size

349KB
Sample

240620-p857yaydpd
MD5

063862283efc1a22008008cb542301a6
SHA1

ae57f6c8436f461f8a2711f0268db6d54203d2d9
SHA256

36a4251b94d63145e3c99aa6ede2ffa727bd78c5ff83255b0928b7c0c934ce61
SHA512

2f17708d074b8e6557b973a44d7a0d453330a04a01222a7e1dbe171fdca928b30ee76151201ae16550049a04134b9155517dbae540d94173aeabe08b49ef14c2
SSDEEP

6144:oOavk2p1sc2oNQlTlbm2AKnkB1/GB2FuO1D0Z4LGyvBcG4+hZCPCny2rWt+e2DH+:otk2pKhoWTl5JkB1m2Fu1Z4L34+hZCPu

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  063862283efc1a22008008cb542301a6_JaffaCakes118
- Size
  
  349KB
- MD5
  
  063862283efc1a22008008cb542301a6
- SHA1
  
  ae57f6c8436f461f8a2711f0268db6d54203d2d9
- SHA256
  
  36a4251b94d63145e3c99aa6ede2ffa727bd78c5ff83255b0928b7c0c934ce61
- SHA512
  
  2f17708d074b8e6557b973a44d7a0d453330a04a01222a7e1dbe171fdca928b30ee76151201ae16550049a04134b9155517dbae540d94173aeabe08b49ef14c2
- SSDEEP
  
  6144:oOavk2p1sc2oNQlTlbm2AKnkB1/GB2FuO1D0Z4LGyvBcG4+hZCPCny2rWt+e2DH+:otk2pKhoWTl5JkB1m2Fu1Z4L34+hZCPu
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2