Overview

overview

10

Static

static

3

b28d63377f...18.exe

windows7-x64

10

b28d63377f...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b28d63377f5c9c8523cbf86e9fd10ed8_JaffaCakes118

  • Size

    36KB

  • Sample

    240821-h2d2jszamp

  • MD5

    b28d63377f5c9c8523cbf86e9fd10ed8

  • SHA1

    2649767dbc5169f3e09bb7cacfdb8a1bd27f3ba0

  • SHA256

    eb7d6af027eb33438257920d5097f3ede3f7247ec9b0289d85f27a8e874a834b

  • SHA512

    c946f3dad2727299d81ccdb90908b6cefbb03b01328528ab0bb8e59b73415dbfbda9d4c2915e7d6e460f0a92f6a7ae0521bdf232c8367db1517570383197d3c9

  • SSDEEP

    384:19ednMsNlPT7FGLU7pfxOgmlLk7XhyApOlUTEIlNU4GJRaRCGDF7/2XYGJKEZ:LgMsNlPT70CfxO+Rlp+Il+rJemFJh

Score
10/10
discoverypersistence

Malware Config

Targets

    • Target

      b28d63377f5c9c8523cbf86e9fd10ed8_JaffaCakes118

    • Size

      36KB

    • MD5

      b28d63377f5c9c8523cbf86e9fd10ed8

    • SHA1

      2649767dbc5169f3e09bb7cacfdb8a1bd27f3ba0

    • SHA256

      eb7d6af027eb33438257920d5097f3ede3f7247ec9b0289d85f27a8e874a834b

    • SHA512

      c946f3dad2727299d81ccdb90908b6cefbb03b01328528ab0bb8e59b73415dbfbda9d4c2915e7d6e460f0a92f6a7ae0521bdf232c8367db1517570383197d3c9

    • SSDEEP

      384:19ednMsNlPT7FGLU7pfxOgmlLk7XhyApOlUTEIlNU4GJRaRCGDF7/2XYGJKEZ:LgMsNlPT70CfxO+Rlp+Il+rJemFJh

    Score
    10/10
    discoverypersistence

    • Modifies WinLogon for persistence

      persistence

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Modifies WinLogon

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks