44c2f8d3b6b1aa714f341190da765421a9144c1557f3da0732d7242f3cc7df11 | Triage

Sharing

General

Target

789adeec4a5611fb076d53ed4dc8279a_JaffaCakes118
Size

330KB
Sample

240727-sn7f2sycng
MD5

789adeec4a5611fb076d53ed4dc8279a
SHA1

40041359e5a82a7b852b4ce45ab9047da5f0ce5c
SHA256

44c2f8d3b6b1aa714f341190da765421a9144c1557f3da0732d7242f3cc7df11
SHA512

344779af9a8e63b55e9a6cb0ea59e3233cc143be6b153f367a88e3434ae5a5e85ee0ff22a604cab1494c9550d919a4885be2b3ef9c66155d5391a357ba48162b
SSDEEP

6144:NqGtZYe5OviOQ6bQAZupq5MlZMb0Hhi7AcgeNyy0:NqGtZjOXQMupq59b0HI7a

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  789adeec4a5611fb076d53ed4dc8279a_JaffaCakes118
- Size
  
  330KB
- MD5
  
  789adeec4a5611fb076d53ed4dc8279a
- SHA1
  
  40041359e5a82a7b852b4ce45ab9047da5f0ce5c
- SHA256
  
  44c2f8d3b6b1aa714f341190da765421a9144c1557f3da0732d7242f3cc7df11
- SHA512
  
  344779af9a8e63b55e9a6cb0ea59e3233cc143be6b153f367a88e3434ae5a5e85ee0ff22a604cab1494c9550d919a4885be2b3ef9c66155d5391a357ba48162b
- SSDEEP
  
  6144:NqGtZYe5OviOQ6bQAZupq5MlZMb0Hhi7AcgeNyy0:NqGtZjOXQMupq59b0HI7a
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2