0ee903a6bd32212d9b395d61ad6ed901a957861353a0db54145d1f939c487721 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

722cbe8c778a8b5e6e03a64dd9264179_JaffaCakes118
Size

274KB
Sample

240726-cf4geszalp
MD5

722cbe8c778a8b5e6e03a64dd9264179
SHA1

4fa97b2ff08de46a44df7701f956a9f466ec6f77
SHA256

0ee903a6bd32212d9b395d61ad6ed901a957861353a0db54145d1f939c487721
SHA512

78c82006d6dc38c533dc6f779020a729ef42dee8954619f5f3ba58f9777f16ae86d256aaee530922ad5a9fc5d6869af566a19d719895b9c674f294e1080e5f8f
SSDEEP

6144:UtCVllPYdJTKU7lHMAyqXWKhQersJRfhv15wmEleKc:UtCVllGXlHMnqmPerKfv+mseKc

Score

10^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  722cbe8c778a8b5e6e03a64dd9264179_JaffaCakes118
- Size
  
  274KB
- MD5
  
  722cbe8c778a8b5e6e03a64dd9264179
- SHA1
  
  4fa97b2ff08de46a44df7701f956a9f466ec6f77
- SHA256
  
  0ee903a6bd32212d9b395d61ad6ed901a957861353a0db54145d1f939c487721
- SHA512
  
  78c82006d6dc38c533dc6f779020a729ef42dee8954619f5f3ba58f9777f16ae86d256aaee530922ad5a9fc5d6869af566a19d719895b9c674f294e1080e5f8f
- SSDEEP
  
  6144:UtCVllPYdJTKU7lHMAyqXWKhQersJRfhv15wmEleKc:UtCVllGXlHMnqmPerKfv+mseKc
Score

10^/10

discovery persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2