186c62e83e001345606220d9c31df039a9efe7e860a401a439dedca68fd68535 | Triage

Sharing

General

Target

eebb516816fd7a52893462907abe1e88_JaffaCakes118
Size

1.3MB
Sample

240921-asj77swfja
MD5

eebb516816fd7a52893462907abe1e88
SHA1

6cb6d3bb589554765f7ad8e4509694a526622923
SHA256

186c62e83e001345606220d9c31df039a9efe7e860a401a439dedca68fd68535
SHA512

025da7a4f01de399bbed7f2e84f5ed31e83688535a90096450cdab9597fbeaa2577b8339bf52e5ddc62e2d621f3fc32af3ad9cafa954a9e2e05e6b0938f32e00
SSDEEP

24576:FuiB5DTybtCo64CQxd6aMDa6tTIRqUHzCycaU73EI8NOQ7i88H:FNe6QXaDaaTqwvoipH

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  eebb516816fd7a52893462907abe1e88_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  eebb516816fd7a52893462907abe1e88
- SHA1
  
  6cb6d3bb589554765f7ad8e4509694a526622923
- SHA256
  
  186c62e83e001345606220d9c31df039a9efe7e860a401a439dedca68fd68535
- SHA512
  
  025da7a4f01de399bbed7f2e84f5ed31e83688535a90096450cdab9597fbeaa2577b8339bf52e5ddc62e2d621f3fc32af3ad9cafa954a9e2e05e6b0938f32e00
- SSDEEP
  
  24576:FuiB5DTybtCo64CQxd6aMDa6tTIRqUHzCycaU73EI8NOQ7i88H:FNe6QXaDaaTqwvoipH
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence