bbcdf3e35d1f0ce930ec82103474ea613c6731bdd8686c968de5ac9d0c56be30 | Triage

Sharing

General

Target

375c5bec20569d655570a58f8471c57b_JaffaCakes118
Size

76KB
Sample

240711-cykr2awerc
MD5

375c5bec20569d655570a58f8471c57b
SHA1

7c4c00b7ccb6101b4567d514473f5c3c8f95929d
SHA256

bbcdf3e35d1f0ce930ec82103474ea613c6731bdd8686c968de5ac9d0c56be30
SHA512

a65da01e761323beb67bb54c4f552a7014d32cc186551d86e65ec28ca8c20bb8ae3b026e357a4d15b0e4da700824cbfade8e80a1eef76687bac7f8d4dee4b269
SSDEEP

1536:FPr+w62GvmKBe0bUDE6KoUuXZALSxgt9srtWPpZQzj:FPr+12G3e0ADEe/aZQzj

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  375c5bec20569d655570a58f8471c57b_JaffaCakes118
- Size
  
  76KB
- MD5
  
  375c5bec20569d655570a58f8471c57b
- SHA1
  
  7c4c00b7ccb6101b4567d514473f5c3c8f95929d
- SHA256
  
  bbcdf3e35d1f0ce930ec82103474ea613c6731bdd8686c968de5ac9d0c56be30
- SHA512
  
  a65da01e761323beb67bb54c4f552a7014d32cc186551d86e65ec28ca8c20bb8ae3b026e357a4d15b0e4da700824cbfade8e80a1eef76687bac7f8d4dee4b269
- SSDEEP
  
  1536:FPr+w62GvmKBe0bUDE6KoUuXZALSxgt9srtWPpZQzj:FPr+12G3e0ADEe/aZQzj
Score

6^/10

persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2