b197cbb34b6a10f142005fbdd60332c886e2f5360a5d689b4e20aadf7dac548f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3274f7a661da13679f1d3bee600b727d_JaffaCakes118
Size

243KB
Sample

240709-3m72asvckc
MD5

3274f7a661da13679f1d3bee600b727d
SHA1

fbdf68405c69f0e9e18c12f1c1076ce8ae6b7cc3
SHA256

b197cbb34b6a10f142005fbdd60332c886e2f5360a5d689b4e20aadf7dac548f
SHA512

50fbd211e53b332c86961dd73618df777d9486bad8833cdfd7d0c54457b4e1725f1db5d8c10ef4bed2f01e2908e04ad6b47a1f20472e4a2d054aed0c4c295a4d
SSDEEP

6144:Y7CB5wjqgN0PV6gN6DQGUqPSIxTWuFZw2v0IDrJEkzP0q1SAcmvv:eywjusDQLq6IxTjFZwRIDriAP0q1cm

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  3274f7a661da13679f1d3bee600b727d_JaffaCakes118
- Size
  
  243KB
- MD5
  
  3274f7a661da13679f1d3bee600b727d
- SHA1
  
  fbdf68405c69f0e9e18c12f1c1076ce8ae6b7cc3
- SHA256
  
  b197cbb34b6a10f142005fbdd60332c886e2f5360a5d689b4e20aadf7dac548f
- SHA512
  
  50fbd211e53b332c86961dd73618df777d9486bad8833cdfd7d0c54457b4e1725f1db5d8c10ef4bed2f01e2908e04ad6b47a1f20472e4a2d054aed0c4c295a4d
- SSDEEP
  
  6144:Y7CB5wjqgN0PV6gN6DQGUqPSIxTWuFZw2v0IDrJEkzP0q1SAcmvv:eywjusDQLq6IxTjFZwRIDriAP0q1cm
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2