9ddd3e195799809656459e765eaebea26afb8a790588f42bf989e62e9cbe8e4d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c23ccb174c3bbaee427012fe4299fe7_JaffaCakes118
Size

64KB
Sample

241002-x2e16ssekq
MD5

0c23ccb174c3bbaee427012fe4299fe7
SHA1

e15d6feb188f6abe04af41a732b6e2d90a8b5568
SHA256

9ddd3e195799809656459e765eaebea26afb8a790588f42bf989e62e9cbe8e4d
SHA512

83ea6152601863e6b9c72bb07b5d15939a237ecbd634c9eee3d5d1c03e4d3055a3646b689b6d278ead485164286cbd2287a6e59812fe11ccd450239e272be3eb
SSDEEP

768:dbkZ9ZcJ/xjbJFS+WXqmQ03nNxOfvcDryk42O4tQSeN8LdOtW9m6g/yb0yQXB:Na0JxjbJbk/jDrF1Z5OamP/

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  0c23ccb174c3bbaee427012fe4299fe7_JaffaCakes118
- Size
  
  64KB
- MD5
  
  0c23ccb174c3bbaee427012fe4299fe7
- SHA1
  
  e15d6feb188f6abe04af41a732b6e2d90a8b5568
- SHA256
  
  9ddd3e195799809656459e765eaebea26afb8a790588f42bf989e62e9cbe8e4d
- SHA512
  
  83ea6152601863e6b9c72bb07b5d15939a237ecbd634c9eee3d5d1c03e4d3055a3646b689b6d278ead485164286cbd2287a6e59812fe11ccd450239e272be3eb
- SSDEEP
  
  768:dbkZ9ZcJ/xjbJFS+WXqmQ03nNxOfvcDryk42O4tQSeN8LdOtW9m6g/yb0yQXB:Na0JxjbJbk/jDrF1Z5OamP/
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2