1dc9a86a25b29d3af115ed70af3a5e8b7745f006b7eaee66fdb52c0a7ccfa5e7 | Triage

Sharing

General

Target

e259678bcae528f6b223d2cdf6dcb071_JaffaCakes118
Size

41KB
Sample

240915-naq5pa1gkq
MD5

e259678bcae528f6b223d2cdf6dcb071
SHA1

6eafa22e263c1010fec325bc688331666790c06d
SHA256

1dc9a86a25b29d3af115ed70af3a5e8b7745f006b7eaee66fdb52c0a7ccfa5e7
SHA512

c8a08262b419858bfc1b0387c173d0ebd6cc325b96b7eaca0eb921badfd8dd11c4a321a9d363b93a27a51258dd3168dcca93209630a40a9bed88a1cb732f5023
SSDEEP

768:E1XYZk7JeaIOGvskbguLQlCqrD3vTLXnX7eKd5kTBj6J0C:O0k7JGskbv6DLXX9ABeJ0

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  e259678bcae528f6b223d2cdf6dcb071_JaffaCakes118
- Size
  
  41KB
- MD5
  
  e259678bcae528f6b223d2cdf6dcb071
- SHA1
  
  6eafa22e263c1010fec325bc688331666790c06d
- SHA256
  
  1dc9a86a25b29d3af115ed70af3a5e8b7745f006b7eaee66fdb52c0a7ccfa5e7
- SHA512
  
  c8a08262b419858bfc1b0387c173d0ebd6cc325b96b7eaca0eb921badfd8dd11c4a321a9d363b93a27a51258dd3168dcca93209630a40a9bed88a1cb732f5023
- SSDEEP
  
  768:E1XYZk7JeaIOGvskbguLQlCqrD3vTLXnX7eKd5kTBj6J0C:O0k7JGskbv6DLXX9ABeJ0
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence