0523d9b0c207ca5719c45eeff40358057cfa0783072c88b2ffe2269bf77eae85 | Triage

Sharing

General

Target

3faedeccf7627fd3acf6c44154b8a6dd_JaffaCakes118
Size

91KB
Sample

240713-b1py4asdpa
MD5

3faedeccf7627fd3acf6c44154b8a6dd
SHA1

880a73af0f70c253d7da8ac3b17d7ddec582ebc7
SHA256

0523d9b0c207ca5719c45eeff40358057cfa0783072c88b2ffe2269bf77eae85
SHA512

2e7cce28da5a2b6e1de3129c956990cbc193c10cc5d8d5b7af586b640901afefe9319c3833ea68c4d7987ffe7f9abca4ad7f6fb7e57c6fd79ba34c6593587503
SSDEEP

1536:kGTzpswSdXNgFopevPFFvDQOKfgXTb/cFLaC:kGTzcd9gFopsdbbMk

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  3faedeccf7627fd3acf6c44154b8a6dd_JaffaCakes118
- Size
  
  91KB
- MD5
  
  3faedeccf7627fd3acf6c44154b8a6dd
- SHA1
  
  880a73af0f70c253d7da8ac3b17d7ddec582ebc7
- SHA256
  
  0523d9b0c207ca5719c45eeff40358057cfa0783072c88b2ffe2269bf77eae85
- SHA512
  
  2e7cce28da5a2b6e1de3129c956990cbc193c10cc5d8d5b7af586b640901afefe9319c3833ea68c4d7987ffe7f9abca4ad7f6fb7e57c6fd79ba34c6593587503
- SSDEEP
  
  1536:kGTzpswSdXNgFopevPFFvDQOKfgXTb/cFLaC:kGTzcd9gFopsdbbMk
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2