e04d62e001b68509047324a73082f47e3421daf80abc3f29bcb7bbede153d5bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ac0e5508191a837e255caccbfb788f8_JaffaCakes118
Size

75KB
Sample

240811-r1hssayald
MD5

8ac0e5508191a837e255caccbfb788f8
SHA1

c32aa246d95b816e8035ba5980b0244d1704be8e
SHA256

e04d62e001b68509047324a73082f47e3421daf80abc3f29bcb7bbede153d5bd
SHA512

1286564f2e5560b56839c641490d112b889368be2634e610fff0f62bf94c73c7b891caa52a6944f51b9457b6d59875108e3bcbb5f56b790b23e16b6cb61a3bc3
SSDEEP

1536:pCsLh3UwC7y2/fPQ1bXtbvY6vweq/cGCW7rNVMzA7:pQFFHQ1BbHu0G59VMz

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  8ac0e5508191a837e255caccbfb788f8_JaffaCakes118
- Size
  
  75KB
- MD5
  
  8ac0e5508191a837e255caccbfb788f8
- SHA1
  
  c32aa246d95b816e8035ba5980b0244d1704be8e
- SHA256
  
  e04d62e001b68509047324a73082f47e3421daf80abc3f29bcb7bbede153d5bd
- SHA512
  
  1286564f2e5560b56839c641490d112b889368be2634e610fff0f62bf94c73c7b891caa52a6944f51b9457b6d59875108e3bcbb5f56b790b23e16b6cb61a3bc3
- SSDEEP
  
  1536:pCsLh3UwC7y2/fPQ1bXtbvY6vweq/cGCW7rNVMzA7:pQFFHQ1BbHu0G59VMz
Score

6^/10

discovery persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence