389031ec10a63c68faafde62b8b4a9166ad19f994f8ac18f0aa12e0e5a1e0bbb | Triage

Sharing

General

Target

af22ad3e863819f7ada1147be3ae6cae_JaffaCakes118
Size

57KB
Sample

240820-n666savbkl
MD5

af22ad3e863819f7ada1147be3ae6cae
SHA1

1c6ce1e10595443bc8a7b8ac3f33bb22e5e2e3c0
SHA256

389031ec10a63c68faafde62b8b4a9166ad19f994f8ac18f0aa12e0e5a1e0bbb
SHA512

cf1685d56ebaee17e79c03c0596bd4f41260a175a38460022acd7500e85888f49672d1317146dd31987c1286a3b01fd2342e79993a1a3cf083ef696e2d16196d
SSDEEP

768:ZORtcmWktD8bsBmqswpxlEzhv1d3ZLT35sH753xU2kamZgdmi0dG8EQnrH0LaaKy:ZwtXD8mFoPpmt3xmamSyGpQnYLN

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  af22ad3e863819f7ada1147be3ae6cae_JaffaCakes118
- Size
  
  57KB
- MD5
  
  af22ad3e863819f7ada1147be3ae6cae
- SHA1
  
  1c6ce1e10595443bc8a7b8ac3f33bb22e5e2e3c0
- SHA256
  
  389031ec10a63c68faafde62b8b4a9166ad19f994f8ac18f0aa12e0e5a1e0bbb
- SHA512
  
  cf1685d56ebaee17e79c03c0596bd4f41260a175a38460022acd7500e85888f49672d1317146dd31987c1286a3b01fd2342e79993a1a3cf083ef696e2d16196d
- SSDEEP
  
  768:ZORtcmWktD8bsBmqswpxlEzhv1d3ZLT35sH753xU2kamZgdmi0dG8EQnrH0LaaKy:ZwtXD8mFoPpmt3xmamSyGpQnYLN
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence