e64d6257396dfb8c4ebbbacfa99cf9aa30cb69fac13823f1f12b0fdba12a5696 | Triage

Sharing

General

Target

37301bbe8134bf8f470f78e9264d3171_JaffaCakes118
Size

276KB
Sample

240711-bsyk9stckf
MD5

37301bbe8134bf8f470f78e9264d3171
SHA1

c125c59eb31a300a81a417f6fc1958acf9b61fd8
SHA256

e64d6257396dfb8c4ebbbacfa99cf9aa30cb69fac13823f1f12b0fdba12a5696
SHA512

c24727ec450a689b63ef335288f32b14bef32dc5236a8952f2364fb902b694da269887163b0637892d723d47657984f88baaca3e2146ed307e950873bca859cf
SSDEEP

6144:I4P885qxrnbQR8vhTcqHR18lGk9mi+BAENW958AwV:Ia8VxDbbvhpHuGfZBAR51wV

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  37301bbe8134bf8f470f78e9264d3171_JaffaCakes118
- Size
  
  276KB
- MD5
  
  37301bbe8134bf8f470f78e9264d3171
- SHA1
  
  c125c59eb31a300a81a417f6fc1958acf9b61fd8
- SHA256
  
  e64d6257396dfb8c4ebbbacfa99cf9aa30cb69fac13823f1f12b0fdba12a5696
- SHA512
  
  c24727ec450a689b63ef335288f32b14bef32dc5236a8952f2364fb902b694da269887163b0637892d723d47657984f88baaca3e2146ed307e950873bca859cf
- SSDEEP
  
  6144:I4P885qxrnbQR8vhTcqHR18lGk9mi+BAENW958AwV:Ia8VxDbbvhpHuGfZBAR51wV
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2