87ebb92bc15419808abbfa7a53856e0fcfed8a53c1bb7ee16d4210f87fb29df2 | Triage

Sharing

General

Target

8d38e59a8dc4c856ce68d38bb3759a6e_JaffaCakes118
Size

262KB
Sample

240812-ehjwxaydjf
MD5

8d38e59a8dc4c856ce68d38bb3759a6e
SHA1

24fe717df22197d930cd89c9eb3de3383649acc4
SHA256

87ebb92bc15419808abbfa7a53856e0fcfed8a53c1bb7ee16d4210f87fb29df2
SHA512

b9d1635aae0b35c72cfdb94e1cc73ce7fbc1fb2a251c0a4abc82cb761f5e14b8ffeb4163f048be5373ea6ede8d0ad4a3b3b988a7e059960973d106f7bbfaa984
SSDEEP

3072:Z8nW6fb/CH1pGLP7c7pJ1GE7am88d5Bt9pTlNg8pPD4Cqykp/v35aYV1kOOkSCWc:OWQ6HWLs+Eum1RNrkCqddcGRW4P

Score

10^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  8d38e59a8dc4c856ce68d38bb3759a6e_JaffaCakes118
- Size
  
  262KB
- MD5
  
  8d38e59a8dc4c856ce68d38bb3759a6e
- SHA1
  
  24fe717df22197d930cd89c9eb3de3383649acc4
- SHA256
  
  87ebb92bc15419808abbfa7a53856e0fcfed8a53c1bb7ee16d4210f87fb29df2
- SHA512
  
  b9d1635aae0b35c72cfdb94e1cc73ce7fbc1fb2a251c0a4abc82cb761f5e14b8ffeb4163f048be5373ea6ede8d0ad4a3b3b988a7e059960973d106f7bbfaa984
- SSDEEP
  
  3072:Z8nW6fb/CH1pGLP7c7pJ1GE7am88d5Bt9pTlNg8pPD4Cqykp/v35aYV1kOOkSCWc:OWQ6HWLs+Eum1RNrkCqddcGRW4P
Score

10^/10

discovery persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2