5d9c83a334d92d757d4fa6d8ec79d81ccd8ef26a93c6ff523aa16cd170fcd0bd | Triage

Sharing

General

Target

ed292a5f700bf1ac7456814f5946db1f_JaffaCakes118
Size

1.0MB
Sample

240920-jxwapsxajk
MD5

ed292a5f700bf1ac7456814f5946db1f
SHA1

a4cfcf5778f78a26c7b7b53e22724b392e1efaae
SHA256

5d9c83a334d92d757d4fa6d8ec79d81ccd8ef26a93c6ff523aa16cd170fcd0bd
SHA512

835dc1c16172e55969732a68234ccecc3e84565d88d8ea9da2cd6eba1789ceaaae197061d3a77d7f9ee46af2f633418039dc7867f26ab885715af32163f115ad
SSDEEP

24576:eNPKjlH+7uaCPmOdMio+vMIzvk33glRTPJM8:ll4rCPmOCiBNkA/Jv

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ed292a5f700bf1ac7456814f5946db1f_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  ed292a5f700bf1ac7456814f5946db1f
- SHA1
  
  a4cfcf5778f78a26c7b7b53e22724b392e1efaae
- SHA256
  
  5d9c83a334d92d757d4fa6d8ec79d81ccd8ef26a93c6ff523aa16cd170fcd0bd
- SHA512
  
  835dc1c16172e55969732a68234ccecc3e84565d88d8ea9da2cd6eba1789ceaaae197061d3a77d7f9ee46af2f633418039dc7867f26ab885715af32163f115ad
- SSDEEP
  
  24576:eNPKjlH+7uaCPmOdMio+vMIzvk33glRTPJM8:ll4rCPmOCiBNkA/Jv
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence