878d00ccfc3f3d0112daa9fabac1c23aee3d2beb4e11fe3f0bafc57abd1d3fa3 | Triage

Sharing

General

Target

cfb8b95785b67c9b54be21add1ae1e44_JaffaCakes118
Size

241KB
Sample

240906-rkcxlazhqr
MD5

cfb8b95785b67c9b54be21add1ae1e44
SHA1

8c8492f60a65688311408fa48a9b734ae0f5b123
SHA256

878d00ccfc3f3d0112daa9fabac1c23aee3d2beb4e11fe3f0bafc57abd1d3fa3
SHA512

34eabdff03ab725f2239c4ceb37c10bde9e3d2e077dc0834c36ad148e093a5cafdc9c0ee74149c4cb431b38e38d280c5fee7cb9ccae142cdbff01481bb42ba3c
SSDEEP

6144:G5LtD/gtVE7/nKiZ3SPWKd4eD8d8royMdG4vi7bHumr:6+tVEznKi0Wmed8royMy3um

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  cfb8b95785b67c9b54be21add1ae1e44_JaffaCakes118
- Size
  
  241KB
- MD5
  
  cfb8b95785b67c9b54be21add1ae1e44
- SHA1
  
  8c8492f60a65688311408fa48a9b734ae0f5b123
- SHA256
  
  878d00ccfc3f3d0112daa9fabac1c23aee3d2beb4e11fe3f0bafc57abd1d3fa3
- SHA512
  
  34eabdff03ab725f2239c4ceb37c10bde9e3d2e077dc0834c36ad148e093a5cafdc9c0ee74149c4cb431b38e38d280c5fee7cb9ccae142cdbff01481bb42ba3c
- SSDEEP
  
  6144:G5LtD/gtVE7/nKiZ3SPWKd4eD8d8royMdG4vi7bHumr:6+tVEznKi0Wmed8royMy3um
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2