d7d9a3a20c6b18326eea28d5634e3d9b93e459b8adaf5fc93ad44a37cae07991 | Triage

Sharing

General

Target

0837e03363624724cc20a00f4ee4fa57_JaffaCakes118
Size

823KB
Sample

241002-bn3dnatejc
MD5

0837e03363624724cc20a00f4ee4fa57
SHA1

3698c034fa3bc1754fcca06f11fd87185d5101f6
SHA256

d7d9a3a20c6b18326eea28d5634e3d9b93e459b8adaf5fc93ad44a37cae07991
SHA512

a67fee7bbc4fcbd324df26358d5d0ca8889c40b3532cbe99c85b471ed744f0609f522761bad13ec2e27747fd5744ac19c1f29e938a42b433703d0805cf2d175c
SSDEEP

12288:9X/eOyaiq38GMQJ1ypmbX/eOyaiq38GMQJ1yuXq:9X/eO4qsMJ1y2X/eO4qsMJ1yuXq

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  0837e03363624724cc20a00f4ee4fa57_JaffaCakes118
- Size
  
  823KB
- MD5
  
  0837e03363624724cc20a00f4ee4fa57
- SHA1
  
  3698c034fa3bc1754fcca06f11fd87185d5101f6
- SHA256
  
  d7d9a3a20c6b18326eea28d5634e3d9b93e459b8adaf5fc93ad44a37cae07991
- SHA512
  
  a67fee7bbc4fcbd324df26358d5d0ca8889c40b3532cbe99c85b471ed744f0609f522761bad13ec2e27747fd5744ac19c1f29e938a42b433703d0805cf2d175c
- SSDEEP
  
  12288:9X/eOyaiq38GMQJ1ypmbX/eOyaiq38GMQJ1yuXq:9X/eO4qsMJ1y2X/eO4qsMJ1yuXq
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence