f4ad9c256f6eb3a2b7631bfa3d8e7490f29e6953447fc43556a9988a94b39b51 | Triage

Sharing

General

Target

0f48ee11f8ad24456b28c36328990d29_JaffaCakes118
Size

42KB
Sample

241003-se9j2s1fpq
MD5

0f48ee11f8ad24456b28c36328990d29
SHA1

b6f0acf24bd786d6980c7b51b4467ab4ab05fad2
SHA256

f4ad9c256f6eb3a2b7631bfa3d8e7490f29e6953447fc43556a9988a94b39b51
SHA512

2c362f22b02ff4ba5afcd00e4f2e7ef8464debb0c49b7ff35940261f27714152812dd8f36a55c4815accf7279db1c3f33ca111cf83e08a4936d7029f3f62844f
SSDEEP

768:ASACC8hWynMk44XiXNMSq5WXzYto1rPc5X1MwdQWf+cdP+8Y/8wf:ASAKO4SXNJftrtwdlf+Kwf

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  0f48ee11f8ad24456b28c36328990d29_JaffaCakes118
- Size
  
  42KB
- MD5
  
  0f48ee11f8ad24456b28c36328990d29
- SHA1
  
  b6f0acf24bd786d6980c7b51b4467ab4ab05fad2
- SHA256
  
  f4ad9c256f6eb3a2b7631bfa3d8e7490f29e6953447fc43556a9988a94b39b51
- SHA512
  
  2c362f22b02ff4ba5afcd00e4f2e7ef8464debb0c49b7ff35940261f27714152812dd8f36a55c4815accf7279db1c3f33ca111cf83e08a4936d7029f3f62844f
- SSDEEP
  
  768:ASACC8hWynMk44XiXNMSq5WXzYto1rPc5X1MwdQWf+cdP+8Y/8wf:ASAKO4SXNJftrtwdlf+Kwf
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence