c9aef712b2c059d0b9525023a9bebcbbb32d70f1f9fd5d5e759215dbe0cad60f | Triage

Sharing

General

Target

e05e2c41c5493e63f0ebc8eb77fa0fa0_JaffaCakes118
Size

1.3MB
Sample

240914-rqxh7ayfjc
MD5

e05e2c41c5493e63f0ebc8eb77fa0fa0
SHA1

6d01ad62ec1eb602df59312912f4f3727e0ce53b
SHA256

c9aef712b2c059d0b9525023a9bebcbbb32d70f1f9fd5d5e759215dbe0cad60f
SHA512

989ce3275e7a54ddd1a0f0bbc5a60581f05a47f2ca06c60f024cffa55d713c7953cc5f773e619fe3e0d7d1c99f09434b36196618eb0c1c1bc08d81cf6d67437b
SSDEEP

24576:eNPKS3gPa8AQtItMn1SikUxs2p9GkfaMAi1GbZRyzSqiM915x8SKk:Sga8xa1ijxsc9GS1GbZYd5x/N

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  e05e2c41c5493e63f0ebc8eb77fa0fa0_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  e05e2c41c5493e63f0ebc8eb77fa0fa0
- SHA1
  
  6d01ad62ec1eb602df59312912f4f3727e0ce53b
- SHA256
  
  c9aef712b2c059d0b9525023a9bebcbbb32d70f1f9fd5d5e759215dbe0cad60f
- SHA512
  
  989ce3275e7a54ddd1a0f0bbc5a60581f05a47f2ca06c60f024cffa55d713c7953cc5f773e619fe3e0d7d1c99f09434b36196618eb0c1c1bc08d81cf6d67437b
- SSDEEP
  
  24576:eNPKS3gPa8AQtItMn1SikUxs2p9GkfaMAi1GbZRyzSqiM915x8SKk:Sga8xa1ijxsc9GS1GbZYd5x/N
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence