1d03483f93d3904400d5c6dc257545100594e4eff2f50ac124322ce1bb63e476 | Triage

Sharing

General

Target

ee690d45c6c6dfda4f3770e11997cc80_JaffaCakes118
Size

70KB
Sample

240920-zsep6axfla
MD5

ee690d45c6c6dfda4f3770e11997cc80
SHA1

43a92e3c0d7de937233e2e1e9c41412440ec3e8b
SHA256

1d03483f93d3904400d5c6dc257545100594e4eff2f50ac124322ce1bb63e476
SHA512

027c9bc5ba1d532dc630c17d3eebc7971acb7e965051c9c219ffb932168d32f68616186ead7239e25923df15ec52ea319abac8e86501ea828af6f83645f4cbb3
SSDEEP

768:iOMyZ4uJDwuZHiu83fejzwLjmo8hrCv7/Dl0HLSf8tLBs5tc6Eq2mMLjHxXoiuLr:iqXJDzHirm/kKoW6Dl0HReaFRc

Score

10^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  ee690d45c6c6dfda4f3770e11997cc80_JaffaCakes118
- Size
  
  70KB
- MD5
  
  ee690d45c6c6dfda4f3770e11997cc80
- SHA1
  
  43a92e3c0d7de937233e2e1e9c41412440ec3e8b
- SHA256
  
  1d03483f93d3904400d5c6dc257545100594e4eff2f50ac124322ce1bb63e476
- SHA512
  
  027c9bc5ba1d532dc630c17d3eebc7971acb7e965051c9c219ffb932168d32f68616186ead7239e25923df15ec52ea319abac8e86501ea828af6f83645f4cbb3
- SSDEEP
  
  768:iOMyZ4uJDwuZHiu83fejzwLjmo8hrCv7/Dl0HLSf8tLBs5tc6Eq2mMLjHxXoiuLr:iqXJDzHirm/kKoW6Dl0HReaFRc
Score

10^/10

discovery persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

discoverypersistenceupx