9c36c271a07f1d2995cdad2d48416f805a2c7844eb884f57e43f56571b990198 | Triage

Sharing

General

Target

612fcd611875c461aa1d75399585c343_JaffaCakes118
Size

52KB
Sample

240721-yn95tsthqq
MD5

612fcd611875c461aa1d75399585c343
SHA1

a37dd0f687c0de07db6e75f092bcb3ccc7da096b
SHA256

9c36c271a07f1d2995cdad2d48416f805a2c7844eb884f57e43f56571b990198
SHA512

0d89e7b7ef13a3e754b7a2b8c868bf3620843354bfa7940b4108b3deffbc36c80f48d38dc08087c44b9514c46e9a1174fb7993f29a6987a6ad79cf6e6423ddcc
SSDEEP

1536:uRKeSWZ+EWJaR3n2NkZJlucVWdcGCdx2/:vahRWeGCdc/

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  612fcd611875c461aa1d75399585c343_JaffaCakes118
- Size
  
  52KB
- MD5
  
  612fcd611875c461aa1d75399585c343
- SHA1
  
  a37dd0f687c0de07db6e75f092bcb3ccc7da096b
- SHA256
  
  9c36c271a07f1d2995cdad2d48416f805a2c7844eb884f57e43f56571b990198
- SHA512
  
  0d89e7b7ef13a3e754b7a2b8c868bf3620843354bfa7940b4108b3deffbc36c80f48d38dc08087c44b9514c46e9a1174fb7993f29a6987a6ad79cf6e6423ddcc
- SSDEEP
  
  1536:uRKeSWZ+EWJaR3n2NkZJlucVWdcGCdx2/:vahRWeGCdc/
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2