4deba076d369dc97f48cd74583a9e7803bb83e766f027bb82a49be57cded0ff3 | Triage

Sharing

General

Target

8b61b1da253b14166929c41be4238da2_JaffaCakes118
Size

282KB
Sample

240811-whz2kavcpb
MD5

8b61b1da253b14166929c41be4238da2
SHA1

db7c7fa8d34e81337ac718688aa7bdb07fbcb394
SHA256

4deba076d369dc97f48cd74583a9e7803bb83e766f027bb82a49be57cded0ff3
SHA512

772c78c575a491b14bbcbec4db57621a769cca7f52ee68f3ea5549f0d5bb1debb69f0ee9c1ed3aaabfc703bd355b5dcea907d7150334d6420a2e61a35976363d
SSDEEP

6144:dZw2TxWX/f48zO7gtwua+Japo5iCb8lseuxw/6YF1M:nFTxWYMh5qoLb8LCy9E

Score

10^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  8b61b1da253b14166929c41be4238da2_JaffaCakes118
- Size
  
  282KB
- MD5
  
  8b61b1da253b14166929c41be4238da2
- SHA1
  
  db7c7fa8d34e81337ac718688aa7bdb07fbcb394
- SHA256
  
  4deba076d369dc97f48cd74583a9e7803bb83e766f027bb82a49be57cded0ff3
- SHA512
  
  772c78c575a491b14bbcbec4db57621a769cca7f52ee68f3ea5549f0d5bb1debb69f0ee9c1ed3aaabfc703bd355b5dcea907d7150334d6420a2e61a35976363d
- SSDEEP
  
  6144:dZw2TxWX/f48zO7gtwua+Japo5iCb8lseuxw/6YF1M:nFTxWYMh5qoLb8LCy9E
Score

10^/10

discovery persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

discoverypersistenceupx