34f7065f95e343faa374b02bcdb01024f6e0181f79d64ca85d163fafa5df7c63 | Triage

Sharing

General

Target

11acb28cccee710bb7bf8c74fbe00e54_JaffaCakes118
Size

58KB
Sample

241004-d57qtasdll
MD5

11acb28cccee710bb7bf8c74fbe00e54
SHA1

72dbc5d1e3a22754ea26c19ea411f4f856130c15
SHA256

34f7065f95e343faa374b02bcdb01024f6e0181f79d64ca85d163fafa5df7c63
SHA512

48978e2b74c99d70e8c073a891a7b70b19e54d3043b79a8e3c69ddb7f7e8d9cc202a74caa8c028710d67812643b49a83b0807d146119e3b9a5f8f38d709b37b3
SSDEEP

1536:R9M8pxVgKb2nsAX1MXWLb+QlzCicqwyyu:XZ2sAFMXC3zrcqVy

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  11acb28cccee710bb7bf8c74fbe00e54_JaffaCakes118
- Size
  
  58KB
- MD5
  
  11acb28cccee710bb7bf8c74fbe00e54
- SHA1
  
  72dbc5d1e3a22754ea26c19ea411f4f856130c15
- SHA256
  
  34f7065f95e343faa374b02bcdb01024f6e0181f79d64ca85d163fafa5df7c63
- SHA512
  
  48978e2b74c99d70e8c073a891a7b70b19e54d3043b79a8e3c69ddb7f7e8d9cc202a74caa8c028710d67812643b49a83b0807d146119e3b9a5f8f38d709b37b3
- SSDEEP
  
  1536:R9M8pxVgKb2nsAX1MXWLb+QlzCicqwyyu:XZ2sAFMXC3zrcqVy
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2