d625682a3642d4bed728755b8aef41de78542991ead71f5a68aacaa4b8af5035 | Triage

Sharing

General

Target

b1e9d16fbfd14aa93d3ac43dba866060_JaffaCakes118
Size

64KB
Sample

240821-dthyba1epk
MD5

b1e9d16fbfd14aa93d3ac43dba866060
SHA1

574208b32757a22d6c903e326be62db165bd2083
SHA256

d625682a3642d4bed728755b8aef41de78542991ead71f5a68aacaa4b8af5035
SHA512

b7dc82c6506aecff75923e1433213a13c058304b3d93fc308e5e7f25e670e036872299bbdb8d9b0fdf8a8aa145df4a00181debec2db4c44aaa399035cdddc176
SSDEEP

1536:RM2DRmnQW8ptTFMZegMVzVbbU+bOOOOOMYQ/nFlL4LOOOOOOOOO/OOOOOOOOKDtN:mMmnJ8ptToejF/slpN

Score

10^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  b1e9d16fbfd14aa93d3ac43dba866060_JaffaCakes118
- Size
  
  64KB
- MD5
  
  b1e9d16fbfd14aa93d3ac43dba866060
- SHA1
  
  574208b32757a22d6c903e326be62db165bd2083
- SHA256
  
  d625682a3642d4bed728755b8aef41de78542991ead71f5a68aacaa4b8af5035
- SHA512
  
  b7dc82c6506aecff75923e1433213a13c058304b3d93fc308e5e7f25e670e036872299bbdb8d9b0fdf8a8aa145df4a00181debec2db4c44aaa399035cdddc176
- SSDEEP
  
  1536:RM2DRmnQW8ptTFMZegMVzVbbU+bOOOOOMYQ/nFlL4LOOOOOOOOO/OOOOOOOOKDtN:mMmnJ8ptToejF/slpN
Score

10^/10

discovery persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

discoverypersistenceupx