57a95e51e2e3673bc97710a0659449b56ebe8966b1a8b4c92fe7d0e21b2985e5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8346705214a1a02a745acaa4f8da84b_JaffaCakes118
Size

557KB
Sample

240829-erdq9ashqh
MD5

c8346705214a1a02a745acaa4f8da84b
SHA1

ceb0b7e276862897ebf18d2a8a93b8db53eed551
SHA256

57a95e51e2e3673bc97710a0659449b56ebe8966b1a8b4c92fe7d0e21b2985e5
SHA512

f276e46c77e8026e57b37433dfb18d82913abd3dcf6267ef1977f0f51815bd667a6b519c5cecb5de12438c266f0d724efcd64a906e71fc1fbc2c874a7e5ccf62
SSDEEP

12288:kosLbAzlfg10WF2jLrMAEEazF+tNSJCehqS1tRKM:kfAzlR4YHMAEBF+tN+ZtP

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  c8346705214a1a02a745acaa4f8da84b_JaffaCakes118
- Size
  
  557KB
- MD5
  
  c8346705214a1a02a745acaa4f8da84b
- SHA1
  
  ceb0b7e276862897ebf18d2a8a93b8db53eed551
- SHA256
  
  57a95e51e2e3673bc97710a0659449b56ebe8966b1a8b4c92fe7d0e21b2985e5
- SHA512
  
  f276e46c77e8026e57b37433dfb18d82913abd3dcf6267ef1977f0f51815bd667a6b519c5cecb5de12438c266f0d724efcd64a906e71fc1fbc2c874a7e5ccf62
- SSDEEP
  
  12288:kosLbAzlfg10WF2jLrMAEEazF+tNSJCehqS1tRKM:kfAzlR4YHMAEBF+tN+ZtP
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence