4d8e0818998ed088213eb34afb5ebcccf2cdde1d90faa97957045f8db4f03431 | Triage

Sharing

General

Target

8bd018268066a89b130bc7ca0b66dffe_JaffaCakes118
Size

37KB
Sample

240811-y2nhzszgmh
MD5

8bd018268066a89b130bc7ca0b66dffe
SHA1

93dc8066388a30ba83dddf5200bc959b8c643cb6
SHA256

4d8e0818998ed088213eb34afb5ebcccf2cdde1d90faa97957045f8db4f03431
SHA512

d35a1ebb48f6a0171f95cf376eb34529196b620d99a220d30fc96fed3a268f84e00da1907a4ca322e10b0b5093c312a9206d969eb69eedb93adc19eca26d7913
SSDEEP

768:iE0Yi85oTK9n9zzX8ej3lTReG6MI+4j90:sYh5oTgzzX5ll56M94jW

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  8bd018268066a89b130bc7ca0b66dffe_JaffaCakes118
- Size
  
  37KB
- MD5
  
  8bd018268066a89b130bc7ca0b66dffe
- SHA1
  
  93dc8066388a30ba83dddf5200bc959b8c643cb6
- SHA256
  
  4d8e0818998ed088213eb34afb5ebcccf2cdde1d90faa97957045f8db4f03431
- SHA512
  
  d35a1ebb48f6a0171f95cf376eb34529196b620d99a220d30fc96fed3a268f84e00da1907a4ca322e10b0b5093c312a9206d969eb69eedb93adc19eca26d7913
- SSDEEP
  
  768:iE0Yi85oTK9n9zzX8ej3lTReG6MI+4j90:sYh5oTgzzX5ll56M94jW
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2