444d3e227591e251b3114bee41ac0b14627d3e4aebcc84749bab77316c631bd0 | Triage

Sharing

General

Target

be5b87e0bb953a1ab3496cf6f7fb5897_JaffaCakes118
Size

62KB
Sample

240824-l2dybsvckd
MD5

be5b87e0bb953a1ab3496cf6f7fb5897
SHA1

a6aa09fa8b71a3951911b521e34435093ebd39ec
SHA256

444d3e227591e251b3114bee41ac0b14627d3e4aebcc84749bab77316c631bd0
SHA512

b93828b41153b217d456de5758c84cb70a2b9ef212494270530f9157afcc29dd7d068cd66aaa305dd5301c460e3662434696d73d61d562b949f0f72755940e74
SSDEEP

768:hEDHCnRXpBeLqa0FBh14k7iZLZx4J7W8XmXNBlNDFX7fq/vdqx03weoSb03xd:lRXpBeU6n4PYB7l7oV0S8

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  be5b87e0bb953a1ab3496cf6f7fb5897_JaffaCakes118
- Size
  
  62KB
- MD5
  
  be5b87e0bb953a1ab3496cf6f7fb5897
- SHA1
  
  a6aa09fa8b71a3951911b521e34435093ebd39ec
- SHA256
  
  444d3e227591e251b3114bee41ac0b14627d3e4aebcc84749bab77316c631bd0
- SHA512
  
  b93828b41153b217d456de5758c84cb70a2b9ef212494270530f9157afcc29dd7d068cd66aaa305dd5301c460e3662434696d73d61d562b949f0f72755940e74
- SSDEEP
  
  768:hEDHCnRXpBeLqa0FBh14k7iZLZx4J7W8XmXNBlNDFX7fq/vdqx03weoSb03xd:lRXpBeU6n4PYB7l7oV0S8
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence