cf76a03fb75b23a2987b631cc11b318e51136ddae7d4e1054e4965435406381b | Triage

Sharing

General

Target

0832b340efc21b7fd68b3989c9dbd69b_JaffaCakes118
Size

2.1MB
Sample

240624-newwqssgrn
MD5

0832b340efc21b7fd68b3989c9dbd69b
SHA1

ef8a533520e4ea8642ef9283bbce57fecf635954
SHA256

cf76a03fb75b23a2987b631cc11b318e51136ddae7d4e1054e4965435406381b
SHA512

8f80c484ce03dd463964ec056115eba69d27d8b6fe356246ad43d93fbc28ca0f67a639f3089e0a7982b6b056c87021eb1ff05200459bac24d469cf4c5365ab0d
SSDEEP

24576:eNPKGskPakey3S59R919Lf3TlLVAmRe3ynrI3hNz+Yg0TY3U5+OoVSt02r+ivk6n:bkBC59R9HxBlBrI7SYY3UkV6vrpv1SRG

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  0832b340efc21b7fd68b3989c9dbd69b_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  0832b340efc21b7fd68b3989c9dbd69b
- SHA1
  
  ef8a533520e4ea8642ef9283bbce57fecf635954
- SHA256
  
  cf76a03fb75b23a2987b631cc11b318e51136ddae7d4e1054e4965435406381b
- SHA512
  
  8f80c484ce03dd463964ec056115eba69d27d8b6fe356246ad43d93fbc28ca0f67a639f3089e0a7982b6b056c87021eb1ff05200459bac24d469cf4c5365ab0d
- SSDEEP
  
  24576:eNPKGskPakey3S59R919Lf3TlLVAmRe3ynrI3hNz+Yg0TY3U5+OoVSt02r+ivk6n:bkBC59R9HxBlBrI7SYY3UkV6vrpv1SRG
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2