dda83af9b208fa4569fcdff9bcbf3733258ca9c66422224858a6f17c55650020 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ece28435d654a94289c082b9def42d7_JaffaCakes118
Size

83KB
Sample

241003-khjtssthnp
MD5

0ece28435d654a94289c082b9def42d7
SHA1

7130ae9e369a83367d87632b70bd74ec7931cc7d
SHA256

dda83af9b208fa4569fcdff9bcbf3733258ca9c66422224858a6f17c55650020
SHA512

b92720580431d9e3dd9f2175c8d6ec366347b5e15c30a90f35e779a32e0a245f3f68ee648fff0fdf052d8ebbec393c6f4f42a002f5187e4329ccfe6f6b9a35c6
SSDEEP

1536:OrU09mP9pMiFGNUa4KcWnWACk603Te0tl3n:sU09uUTKa4RWWAC90ial3

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  0ece28435d654a94289c082b9def42d7_JaffaCakes118
- Size
  
  83KB
- MD5
  
  0ece28435d654a94289c082b9def42d7
- SHA1
  
  7130ae9e369a83367d87632b70bd74ec7931cc7d
- SHA256
  
  dda83af9b208fa4569fcdff9bcbf3733258ca9c66422224858a6f17c55650020
- SHA512
  
  b92720580431d9e3dd9f2175c8d6ec366347b5e15c30a90f35e779a32e0a245f3f68ee648fff0fdf052d8ebbec393c6f4f42a002f5187e4329ccfe6f6b9a35c6
- SSDEEP
  
  1536:OrU09mP9pMiFGNUa4KcWnWACk603Te0tl3n:sU09uUTKa4RWWAC90ial3
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2