cba969c83a94890552bdcb91254715bf2fc8919245d51cd0a8a49f76dbb9ca9f | Triage

Sharing

General

Target

8d60ebb9f7dcbf6fe2cd449e6f4a511a_JaffaCakes118
Size

337KB
Sample

240812-ffmepazhmg
MD5

8d60ebb9f7dcbf6fe2cd449e6f4a511a
SHA1

4418e364c1c09c241e856b798e19e9377ffe57a1
SHA256

cba969c83a94890552bdcb91254715bf2fc8919245d51cd0a8a49f76dbb9ca9f
SHA512

ee95c3b56be17531489f3bdd5a3e982ab22ee8468e0d8ef713262c05bc6c15ad007868920990c63b03540f867a968ea14f5f059ee3853a25baf6a34dc2c8df85
SSDEEP

6144:FucgMI9Z34jdOHfl8z2UL5gElJDbIjDdsaVFSwQaJYaPWFeN3gt7ekQ:5yZ34jdO/lUFRbKtVFCau9wN3Ae

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  8d60ebb9f7dcbf6fe2cd449e6f4a511a_JaffaCakes118
- Size
  
  337KB
- MD5
  
  8d60ebb9f7dcbf6fe2cd449e6f4a511a
- SHA1
  
  4418e364c1c09c241e856b798e19e9377ffe57a1
- SHA256
  
  cba969c83a94890552bdcb91254715bf2fc8919245d51cd0a8a49f76dbb9ca9f
- SHA512
  
  ee95c3b56be17531489f3bdd5a3e982ab22ee8468e0d8ef713262c05bc6c15ad007868920990c63b03540f867a968ea14f5f059ee3853a25baf6a34dc2c8df85
- SSDEEP
  
  6144:FucgMI9Z34jdOHfl8z2UL5gElJDbIjDdsaVFSwQaJYaPWFeN3gt7ekQ:5yZ34jdO/lUFRbKtVFCau9wN3Ae
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2