d36dff742f31494cfa367ca5386bc522bed1b48931dfead32b6bad895e366c0c | Triage

Sharing

General

Target

ee679e9bd72d8f41984738e6304d704b_JaffaCakes118
Size

244KB
Sample

240920-zp5geaxfrj
MD5

ee679e9bd72d8f41984738e6304d704b
SHA1

9671b25bc313f326da3b5bc8f9f2b479b618c634
SHA256

d36dff742f31494cfa367ca5386bc522bed1b48931dfead32b6bad895e366c0c
SHA512

f370548f6ba05d45b81630be1f8c0524939a4fdf87b1804b8f0e667908b2bc54f3a5e86045fa139655d132b3dde4914bf0bc087ea484c25c97ccdccda2be9a14
SSDEEP

6144:qM7BjzGVYibYEI73IL28HugLFte+VtY0:Z7RaYUYEILj8lXeW

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ee679e9bd72d8f41984738e6304d704b_JaffaCakes118
- Size
  
  244KB
- MD5
  
  ee679e9bd72d8f41984738e6304d704b
- SHA1
  
  9671b25bc313f326da3b5bc8f9f2b479b618c634
- SHA256
  
  d36dff742f31494cfa367ca5386bc522bed1b48931dfead32b6bad895e366c0c
- SHA512
  
  f370548f6ba05d45b81630be1f8c0524939a4fdf87b1804b8f0e667908b2bc54f3a5e86045fa139655d132b3dde4914bf0bc087ea484c25c97ccdccda2be9a14
- SSDEEP
  
  6144:qM7BjzGVYibYEI73IL28HugLFte+VtY0:Z7RaYUYEILj8lXeW
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2