fe15adb97cdf9ddf771277656c4adf87782bf5e39541ebc12f9e4062301313b3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e831b4c5f8aec5c122711227bcb9c75_JaffaCakes118
Size

269KB
Sample

240625-sf97zaxajb
MD5

0e831b4c5f8aec5c122711227bcb9c75
SHA1

c700b0db42102a2b53f2be143706756c9e44aeae
SHA256

fe15adb97cdf9ddf771277656c4adf87782bf5e39541ebc12f9e4062301313b3
SHA512

161931a7f6d0a5baaec059da748474792f2b92a3ab04c10b6a4de55e2a4d5d5b5b5b329fec45828042e079dd36f78b2007b9758819cce751e9f399a24cb8e44f
SSDEEP

6144:X/w8abEfC7QCAUtrj89/BskQkWTfZQ0/0cdmiRwxArDUn:X4K6LzHKcvTZQ0/0zJxQDU

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  0e831b4c5f8aec5c122711227bcb9c75_JaffaCakes118
- Size
  
  269KB
- MD5
  
  0e831b4c5f8aec5c122711227bcb9c75
- SHA1
  
  c700b0db42102a2b53f2be143706756c9e44aeae
- SHA256
  
  fe15adb97cdf9ddf771277656c4adf87782bf5e39541ebc12f9e4062301313b3
- SHA512
  
  161931a7f6d0a5baaec059da748474792f2b92a3ab04c10b6a4de55e2a4d5d5b5b5b329fec45828042e079dd36f78b2007b9758819cce751e9f399a24cb8e44f
- SSDEEP
  
  6144:X/w8abEfC7QCAUtrj89/BskQkWTfZQ0/0cdmiRwxArDUn:X4K6LzHKcvTZQ0/0zJxQDU
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2