77ccbb37dc1fe487df0dbbc4f0a22637e9729899fbe7da83caa4518b6520114d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1d192b3cec859c84b93b70314e7851d_JaffaCakes118
Size

81KB
Sample

240817-j89mgawdkb
MD5

a1d192b3cec859c84b93b70314e7851d
SHA1

c9e6e24251de446b6bff76e4b00f3ee0137fb466
SHA256

77ccbb37dc1fe487df0dbbc4f0a22637e9729899fbe7da83caa4518b6520114d
SHA512

de7ac76fe317082653f1cc67338f06792402719ee7821d35f9c7f18350e35411bdb48b7f44d682e1b4fb6cabede5b1e396f986a099f1c682224db0941ba1c708
SSDEEP

768:BoqfNMCW0hyoqvMtseAeJD+LzeD+9ClfbwbCCvd4YUI2jtXnjH7wQB1ZXs/8gLav:BoqfNMeTv/ZWeAC5CqYqXnjcQZXs1La

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  a1d192b3cec859c84b93b70314e7851d_JaffaCakes118
- Size
  
  81KB
- MD5
  
  a1d192b3cec859c84b93b70314e7851d
- SHA1
  
  c9e6e24251de446b6bff76e4b00f3ee0137fb466
- SHA256
  
  77ccbb37dc1fe487df0dbbc4f0a22637e9729899fbe7da83caa4518b6520114d
- SHA512
  
  de7ac76fe317082653f1cc67338f06792402719ee7821d35f9c7f18350e35411bdb48b7f44d682e1b4fb6cabede5b1e396f986a099f1c682224db0941ba1c708
- SSDEEP
  
  768:BoqfNMCW0hyoqvMtseAeJD+LzeD+9ClfbwbCCvd4YUI2jtXnjH7wQB1ZXs/8gLav:BoqfNMeTv/ZWeAC5CqYqXnjcQZXs1La
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2