b9a62f1fc12eb2a208b57527e8996b1dcba5e5eee168cbe7ca579cf4ff22e4b1 | Triage

Sharing

General

Target

1560c3092488ea22c95289a72aaf0020_JaffaCakes118
Size

108KB
Sample

241004-3yjsvatcmj
MD5

1560c3092488ea22c95289a72aaf0020
SHA1

8467206e5034239a8db09fe505a63a14723302bd
SHA256

b9a62f1fc12eb2a208b57527e8996b1dcba5e5eee168cbe7ca579cf4ff22e4b1
SHA512

6a60afcc2e18ee7ebe2b08e1318656287f12c7869622d5fe5ef9e90fbe6e023da2196a533c71e99a675158e7bab8763f579c941b0eac91bb8b27c32eaccd2ad4
SSDEEP

1536:ElbyN0tna2La5EP+cUMvmdPQcjVxoTBX+qhxB6UTeT1QzKwa+/KzBvcy6R:cbNFX2cUrjVmJ+qx6USJQydvc1

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  1560c3092488ea22c95289a72aaf0020_JaffaCakes118
- Size
  
  108KB
- MD5
  
  1560c3092488ea22c95289a72aaf0020
- SHA1
  
  8467206e5034239a8db09fe505a63a14723302bd
- SHA256
  
  b9a62f1fc12eb2a208b57527e8996b1dcba5e5eee168cbe7ca579cf4ff22e4b1
- SHA512
  
  6a60afcc2e18ee7ebe2b08e1318656287f12c7869622d5fe5ef9e90fbe6e023da2196a533c71e99a675158e7bab8763f579c941b0eac91bb8b27c32eaccd2ad4
- SSDEEP
  
  1536:ElbyN0tna2La5EP+cUMvmdPQcjVxoTBX+qhxB6UTeT1QzKwa+/KzBvcy6R:cbNFX2cUrjVmJ+qx6USJQydvc1
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2