2627bf434fdf10175d757e943cc3e0aee8390df466e3d83a206b2d8fb4c99689 | Triage

Sharing

General

Target

ee873f59f82796a560fc76ee912bbbc9_JaffaCakes118
Size

330KB
Sample

240920-15979s1cpa
MD5

ee873f59f82796a560fc76ee912bbbc9
SHA1

a193cf6f75d9bea87a10c81981fc5ce2d1011cb6
SHA256

2627bf434fdf10175d757e943cc3e0aee8390df466e3d83a206b2d8fb4c99689
SHA512

aa24601ece7962a9423f3ad73b138e3c40f663534f683ff2ad726d8f40c93defc716d0e4a3e25bfc319abdbf3f497271aa9a8a71af19d1c5225a8ab8cb63df1a
SSDEEP

6144:XWit0amNbcdbk6CZAMHOST+BKwNvG5Cp42CZmEVfU0tYhFIdqiEFpvU7/:mRamhKCZAMHDC7N/p5C8dFIERM

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ee873f59f82796a560fc76ee912bbbc9_JaffaCakes118
- Size
  
  330KB
- MD5
  
  ee873f59f82796a560fc76ee912bbbc9
- SHA1
  
  a193cf6f75d9bea87a10c81981fc5ce2d1011cb6
- SHA256
  
  2627bf434fdf10175d757e943cc3e0aee8390df466e3d83a206b2d8fb4c99689
- SHA512
  
  aa24601ece7962a9423f3ad73b138e3c40f663534f683ff2ad726d8f40c93defc716d0e4a3e25bfc319abdbf3f497271aa9a8a71af19d1c5225a8ab8cb63df1a
- SSDEEP
  
  6144:XWit0amNbcdbk6CZAMHOST+BKwNvG5Cp42CZmEVfU0tYhFIdqiEFpvU7/:mRamhKCZAMHDC7N/p5C8dFIERM
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2