64512b2f5c92944c083cd7d09d7352d2936d95e46443ac0d80ae0096336a00e4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b1128fa2d572d8e9696aad97c5d5062_JaffaCakes118
Size

88KB
Sample

241002-rj2jkazgrq
MD5

0b1128fa2d572d8e9696aad97c5d5062
SHA1

24d137bcdcae4365b4c832f441a8bbdaec591bd2
SHA256

64512b2f5c92944c083cd7d09d7352d2936d95e46443ac0d80ae0096336a00e4
SHA512

2a3964b1f209db41ff356db7bd87909e2648a0a254332f677a6cdc025f19c60f5d15938a65099dd673069fbed99c945698097f63689c10c96e361e9f814ca4a0
SSDEEP

1536:Way0J8WzC/48ygbclM55vq3PVYGaLnkZIFxz3sZBIT:ty9KCJygbPudYRne258a

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  0b1128fa2d572d8e9696aad97c5d5062_JaffaCakes118
- Size
  
  88KB
- MD5
  
  0b1128fa2d572d8e9696aad97c5d5062
- SHA1
  
  24d137bcdcae4365b4c832f441a8bbdaec591bd2
- SHA256
  
  64512b2f5c92944c083cd7d09d7352d2936d95e46443ac0d80ae0096336a00e4
- SHA512
  
  2a3964b1f209db41ff356db7bd87909e2648a0a254332f677a6cdc025f19c60f5d15938a65099dd673069fbed99c945698097f63689c10c96e361e9f814ca4a0
- SSDEEP
  
  1536:Way0J8WzC/48ygbclM55vq3PVYGaLnkZIFxz3sZBIT:ty9KCJygbPudYRne258a
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence