f3710f4c344f37c504d2910feac8f81c87a57c8f2d895b3e64e5b119009c499e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27da74017fb2685c32f2d74dec75d820_JaffaCakes118
Size

282KB
Sample

240706-j3r58ssall
MD5

27da74017fb2685c32f2d74dec75d820
SHA1

d7828f8e98875e621d38e4355afef38d7ac3ca04
SHA256

f3710f4c344f37c504d2910feac8f81c87a57c8f2d895b3e64e5b119009c499e
SHA512

bcb33e6fa51485521f403df48256ae1691349bee19b0dace79598db9171c94b4b2e80316b74ad8609aad399a91800731292a3ed02b373d196bbcfc8a9c2cdd55
SSDEEP

6144:eZw2TxWX/f48zO7gtwua+Japo5iCb8lseuxw/6YF1M:yFTxWYMh5qoLb8LCy9E

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  27da74017fb2685c32f2d74dec75d820_JaffaCakes118
- Size
  
  282KB
- MD5
  
  27da74017fb2685c32f2d74dec75d820
- SHA1
  
  d7828f8e98875e621d38e4355afef38d7ac3ca04
- SHA256
  
  f3710f4c344f37c504d2910feac8f81c87a57c8f2d895b3e64e5b119009c499e
- SHA512
  
  bcb33e6fa51485521f403df48256ae1691349bee19b0dace79598db9171c94b4b2e80316b74ad8609aad399a91800731292a3ed02b373d196bbcfc8a9c2cdd55
- SSDEEP
  
  6144:eZw2TxWX/f48zO7gtwua+Japo5iCb8lseuxw/6YF1M:yFTxWYMh5qoLb8LCy9E
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2