228a1ef3d03cadcb4fa2907dbb981833e228432a620dca2a59e771c3262af2b5 | Triage

Sharing

General

Target

b9bfecb04240ac8d81ac25cffc179b21_JaffaCakes118
Size

338KB
Sample

240823-bc2b8azbmp
MD5

b9bfecb04240ac8d81ac25cffc179b21
SHA1

a73b40a282efe4bb2925b0eace7eb8f3f25025b1
SHA256

228a1ef3d03cadcb4fa2907dbb981833e228432a620dca2a59e771c3262af2b5
SHA512

62dfa9c0e4c76cd4e7e1c6378ba959329447ea297810b5c49216ff57954f8c486fb1aa5dd3285ed611b4f27438441ae2ff3121066fce5c89b71d50ec4f18d8d4
SSDEEP

6144:GUm8d76JhYzQUOXFb7z9U7RQKIYdu0V/mj7rcS6WlsQpEC:GU96JizOZO7Rv580hmj76QpZ

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  b9bfecb04240ac8d81ac25cffc179b21_JaffaCakes118
- Size
  
  338KB
- MD5
  
  b9bfecb04240ac8d81ac25cffc179b21
- SHA1
  
  a73b40a282efe4bb2925b0eace7eb8f3f25025b1
- SHA256
  
  228a1ef3d03cadcb4fa2907dbb981833e228432a620dca2a59e771c3262af2b5
- SHA512
  
  62dfa9c0e4c76cd4e7e1c6378ba959329447ea297810b5c49216ff57954f8c486fb1aa5dd3285ed611b4f27438441ae2ff3121066fce5c89b71d50ec4f18d8d4
- SSDEEP
  
  6144:GUm8d76JhYzQUOXFb7z9U7RQKIYdu0V/mj7rcS6WlsQpEC:GU96JizOZO7Rv580hmj76QpZ
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2