cb8ed16c1c8e437bccc24dba6c34753f06d9219e7be714523c04c8b359608e2d | Triage

Sharing

General

Target

eed53fec8226e1a3b0b94c4424515e88_JaffaCakes118
Size

246KB
Sample

240921-b39raazarp
MD5

eed53fec8226e1a3b0b94c4424515e88
SHA1

1500b4c1d6b5e2d33c0a2b78e2e845c9beb71096
SHA256

cb8ed16c1c8e437bccc24dba6c34753f06d9219e7be714523c04c8b359608e2d
SHA512

e0fd8a243b2d108bf3ea0f95b19844ca8e894f731e39d2ff83b9119998bde72c5dedf89da635aca7ab57158c4d1d0c556f835a6b8345f5b314479ebbf4ec584b
SSDEEP

6144:MxjSWVWqnhOVNFLciyG2TShNuSLQsr6gODNT:kVxnEVzEGvuiqDN

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  eed53fec8226e1a3b0b94c4424515e88_JaffaCakes118
- Size
  
  246KB
- MD5
  
  eed53fec8226e1a3b0b94c4424515e88
- SHA1
  
  1500b4c1d6b5e2d33c0a2b78e2e845c9beb71096
- SHA256
  
  cb8ed16c1c8e437bccc24dba6c34753f06d9219e7be714523c04c8b359608e2d
- SHA512
  
  e0fd8a243b2d108bf3ea0f95b19844ca8e894f731e39d2ff83b9119998bde72c5dedf89da635aca7ab57158c4d1d0c556f835a6b8345f5b314479ebbf4ec584b
- SSDEEP
  
  6144:MxjSWVWqnhOVNFLciyG2TShNuSLQsr6gODNT:kVxnEVzEGvuiqDN
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2