4434a35c8e09e86b6926600b855b827a04a2b89b5f9bde07ddb0eab4f0cf5fc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b86acb34c5ba3b333a3f18b06dacd6c7_JaffaCakes118
Size

90KB
Sample

240822-vhm7bsxhjf
MD5

b86acb34c5ba3b333a3f18b06dacd6c7
SHA1

52f6db46c59d4a05dc2abc4081a62bd50815f65f
SHA256

4434a35c8e09e86b6926600b855b827a04a2b89b5f9bde07ddb0eab4f0cf5fc9
SHA512

68392a6fcc10ed345800f402d7fdc958cb6ae308628828e1093cadab75d34a5af309289cf456ed1e9b87528e99b68b59cd7d293a8919cbea7dab8d87abe687f1
SSDEEP

1536:rP8aAuh7Sos/SDNhZ6+fkrheKHBqtIn4fnx4t2otmZikgmsqkwm:rk7u0SrJKHB/WTYpJ

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  b86acb34c5ba3b333a3f18b06dacd6c7_JaffaCakes118
- Size
  
  90KB
- MD5
  
  b86acb34c5ba3b333a3f18b06dacd6c7
- SHA1
  
  52f6db46c59d4a05dc2abc4081a62bd50815f65f
- SHA256
  
  4434a35c8e09e86b6926600b855b827a04a2b89b5f9bde07ddb0eab4f0cf5fc9
- SHA512
  
  68392a6fcc10ed345800f402d7fdc958cb6ae308628828e1093cadab75d34a5af309289cf456ed1e9b87528e99b68b59cd7d293a8919cbea7dab8d87abe687f1
- SSDEEP
  
  1536:rP8aAuh7Sos/SDNhZ6+fkrheKHBqtIn4fnx4t2otmZikgmsqkwm:rk7u0SrJKHB/WTYpJ
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence