826cdf0a9306faa810f2ad09441184d8d2aacca8cc781c1b2a4e5f4d52d160a2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b7e93b03414904f31ee18d1ac0f1041_JaffaCakes118
Size

1.1MB
Sample

240701-qv7paavanc
MD5

1b7e93b03414904f31ee18d1ac0f1041
SHA1

0ffcc372e70631f7a610895c5e51c2000e5ebb64
SHA256

826cdf0a9306faa810f2ad09441184d8d2aacca8cc781c1b2a4e5f4d52d160a2
SHA512

83dbb96724753d5d058f3f4668dcedaac441e1709cccbea0baa00a77b8071471132fd71993cb330b90fc2019d9df9ec52954f82c3e6c32fd585a115a6cf357d5
SSDEEP

12288:9vFaZUyXzmUy7KD6kXaS0HHmigh2hlFaZ4W6MvmuhycP3gu5xedZP6E2PmMPiT5:WmyDmU4Kn0HGFgsNm0ycwu5xejP6XiV

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  1b7e93b03414904f31ee18d1ac0f1041_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  1b7e93b03414904f31ee18d1ac0f1041
- SHA1
  
  0ffcc372e70631f7a610895c5e51c2000e5ebb64
- SHA256
  
  826cdf0a9306faa810f2ad09441184d8d2aacca8cc781c1b2a4e5f4d52d160a2
- SHA512
  
  83dbb96724753d5d058f3f4668dcedaac441e1709cccbea0baa00a77b8071471132fd71993cb330b90fc2019d9df9ec52954f82c3e6c32fd585a115a6cf357d5
- SSDEEP
  
  12288:9vFaZUyXzmUy7KD6kXaS0HHmigh2hlFaZ4W6MvmuhycP3gu5xedZP6E2PmMPiT5:WmyDmU4Kn0HGFgsNm0ycwu5xejP6XiV
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2