37ef7042e74a335d3b7d2e17681298e93fa4acf275c04e6b0c6931b7f889a58c | Triage

Sharing

General

Target

119ee71e25a697108be6ddb38e7f25c0_JaffaCakes118
Size

54KB
Sample

241004-dtw5ya1gpl
MD5

119ee71e25a697108be6ddb38e7f25c0
SHA1

b9129bb81cc3d3e658c3c72e4ec1874fc855043d
SHA256

37ef7042e74a335d3b7d2e17681298e93fa4acf275c04e6b0c6931b7f889a58c
SHA512

efc3d465a4cd72d1d81a9e555ee1c65eab375bd6c91a5e45353047ddde5cf6b26543707289d8d3280b8d0dee992f581db4b01c1124123e644009745eb57cabd9
SSDEEP

1536:TUwr5pOmXU2AYg5bMrR/hIkZlGWXl+OhJR:TUAfr8beRHGWXl+eR

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  119ee71e25a697108be6ddb38e7f25c0_JaffaCakes118
- Size
  
  54KB
- MD5
  
  119ee71e25a697108be6ddb38e7f25c0
- SHA1
  
  b9129bb81cc3d3e658c3c72e4ec1874fc855043d
- SHA256
  
  37ef7042e74a335d3b7d2e17681298e93fa4acf275c04e6b0c6931b7f889a58c
- SHA512
  
  efc3d465a4cd72d1d81a9e555ee1c65eab375bd6c91a5e45353047ddde5cf6b26543707289d8d3280b8d0dee992f581db4b01c1124123e644009745eb57cabd9
- SSDEEP
  
  1536:TUwr5pOmXU2AYg5bMrR/hIkZlGWXl+OhJR:TUAfr8beRHGWXl+eR
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2