756b67abc8b7aa9703757b8c64abbb2e60f32020016a48ade071c8c5ea6dc5f6 | Triage

Sharing

General

Target

29a2e79407ce167058c8f594942bcd45_JaffaCakes118
Size

127KB
Sample

240707-bla7dssajf
MD5

29a2e79407ce167058c8f594942bcd45
SHA1

67c7cfe5ca131eb196da1216f719acdc769d8611
SHA256

756b67abc8b7aa9703757b8c64abbb2e60f32020016a48ade071c8c5ea6dc5f6
SHA512

c123eb995468d0470a14c2c2b841ed7c595209f2d66abeab64d9c746cdadada13e234927b2e8aa2087b366bf0e6b5c802dfa640aa31f110219831dd57003d10e
SSDEEP

768:J9xjAZ5T6H3deXsDGnfyHE5AE+cCltnPSBcsIaDToe/wL+x50dnIO9FJwIbBZH/K:vxjAZ0VOqYolU0dn7JwIlZ5mvLa

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  29a2e79407ce167058c8f594942bcd45_JaffaCakes118
- Size
  
  127KB
- MD5
  
  29a2e79407ce167058c8f594942bcd45
- SHA1
  
  67c7cfe5ca131eb196da1216f719acdc769d8611
- SHA256
  
  756b67abc8b7aa9703757b8c64abbb2e60f32020016a48ade071c8c5ea6dc5f6
- SHA512
  
  c123eb995468d0470a14c2c2b841ed7c595209f2d66abeab64d9c746cdadada13e234927b2e8aa2087b366bf0e6b5c802dfa640aa31f110219831dd57003d10e
- SSDEEP
  
  768:J9xjAZ5T6H3deXsDGnfyHE5AE+cCltnPSBcsIaDToe/wL+x50dnIO9FJwIbBZH/K:vxjAZ0VOqYolU0dn7JwIlZ5mvLa
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2