53bcf83b6f91c911b345cebdebe676471028d197bde3e42ba37ba776f287e29d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e011cc01d65a1e3cec270b117dfd51a3_JaffaCakes118
Size

68KB
Sample

240914-ncn34s1aqq
MD5

e011cc01d65a1e3cec270b117dfd51a3
SHA1

96e9335b63b912925ae82877c0360852ef1425e5
SHA256

53bcf83b6f91c911b345cebdebe676471028d197bde3e42ba37ba776f287e29d
SHA512

10a749747f04d842cbd93f6cec38aeac0fbc676d31667bb0ff5811435328a20d0259360f82f359485b5a81427a9943d576a16a8ff1c2a8981a0a947c7fe18e17
SSDEEP

1536:KQw83AZMKErqwc99fHiEMU5OIAWa7r1x+J4nonGz/NF37U4z:KQfe91iNvIDa7jHoGjNFw4z

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  e011cc01d65a1e3cec270b117dfd51a3_JaffaCakes118
- Size
  
  68KB
- MD5
  
  e011cc01d65a1e3cec270b117dfd51a3
- SHA1
  
  96e9335b63b912925ae82877c0360852ef1425e5
- SHA256
  
  53bcf83b6f91c911b345cebdebe676471028d197bde3e42ba37ba776f287e29d
- SHA512
  
  10a749747f04d842cbd93f6cec38aeac0fbc676d31667bb0ff5811435328a20d0259360f82f359485b5a81427a9943d576a16a8ff1c2a8981a0a947c7fe18e17
- SSDEEP
  
  1536:KQw83AZMKErqwc99fHiEMU5OIAWa7r1x+J4nonGz/NF37U4z:KQfe91iNvIDa7jHoGjNFw4z
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence