033c9aeaecab2385de1f486d511c7df7f7f3d3d30b8a5c61a985c783257bc678 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

445679617c50a72f3073cf0fe62780b5_JaffaCakes118
Size

194KB
Sample

240714-e84zrszaja
MD5

445679617c50a72f3073cf0fe62780b5
SHA1

d8b2efa6579127a83fd06168581a27e389efbbf1
SHA256

033c9aeaecab2385de1f486d511c7df7f7f3d3d30b8a5c61a985c783257bc678
SHA512

82ee627b07ec8bf90cf226b87815cf26a801198bd7f47bac81c7b11f7668accfa99d2b336fd471381980a0117eb02fe95a2a91cd60705799eb9bb3685caab69a
SSDEEP

3072:l+4O1Uzr8l074zA87QCrq+816mbhdqlJtpuvBOQakq6:4cP8o4zACq+8oMhYFs1

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  445679617c50a72f3073cf0fe62780b5_JaffaCakes118
- Size
  
  194KB
- MD5
  
  445679617c50a72f3073cf0fe62780b5
- SHA1
  
  d8b2efa6579127a83fd06168581a27e389efbbf1
- SHA256
  
  033c9aeaecab2385de1f486d511c7df7f7f3d3d30b8a5c61a985c783257bc678
- SHA512
  
  82ee627b07ec8bf90cf226b87815cf26a801198bd7f47bac81c7b11f7668accfa99d2b336fd471381980a0117eb02fe95a2a91cd60705799eb9bb3685caab69a
- SSDEEP
  
  3072:l+4O1Uzr8l074zA87QCrq+816mbhdqlJtpuvBOQakq6:4cP8o4zACq+8oMhYFs1
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2