d24b2b7f9e420fa4462c7479ff9b35ec8990dbe552195eed194db3b540a4ebb9 | Triage

Sharing

General

Target

eab1398452187ca8dd88465c5447b54d_JaffaCakes118
Size

64KB
Sample

240919-gejsvatenp
MD5

eab1398452187ca8dd88465c5447b54d
SHA1

49739489a4f24323c885ccc94d9b3ee7b5fe97c8
SHA256

d24b2b7f9e420fa4462c7479ff9b35ec8990dbe552195eed194db3b540a4ebb9
SHA512

48fec043abaa59a0b3d981a2eeb3b1d5a3aecb09645c9a730ebe88de769c106b8d9a1def3926dea6e4d8069de00562f21d710b7b8322ce62e6cb3d78fbfeaa9c
SSDEEP

768:p+jQbpOhCU/JefrPjHgYaO/CSCMC0rWIAbpAtxUr6UXFZrwohHn8lX3PinPlo8h1:p+jQbU4fHXHCMWX5XP5GXqquusal4y8l

Score

10^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  eab1398452187ca8dd88465c5447b54d_JaffaCakes118
- Size
  
  64KB
- MD5
  
  eab1398452187ca8dd88465c5447b54d
- SHA1
  
  49739489a4f24323c885ccc94d9b3ee7b5fe97c8
- SHA256
  
  d24b2b7f9e420fa4462c7479ff9b35ec8990dbe552195eed194db3b540a4ebb9
- SHA512
  
  48fec043abaa59a0b3d981a2eeb3b1d5a3aecb09645c9a730ebe88de769c106b8d9a1def3926dea6e4d8069de00562f21d710b7b8322ce62e6cb3d78fbfeaa9c
- SSDEEP
  
  768:p+jQbpOhCU/JefrPjHgYaO/CSCMC0rWIAbpAtxUr6UXFZrwohHn8lX3PinPlo8h1:p+jQbU4fHXHCMWX5XP5GXqquusal4y8l
Score

10^/10

discovery persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

discoverypersistenceupx