e67142e58a5e4cbe3c4a229f94dcf66327a8f35239b54d3a3203650550ae9ce6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2837d1f096434ec10931befc350146f6_JaffaCakes118
Size

549KB
Sample

241009-bhzeta1dph
MD5

2837d1f096434ec10931befc350146f6
SHA1

7827cc80f5e6f27862ac2c9404ab6d435ec7bb70
SHA256

e67142e58a5e4cbe3c4a229f94dcf66327a8f35239b54d3a3203650550ae9ce6
SHA512

0f7d9c9774ef840dba5064b40d972a384a53e9025beb2c9de831adaa2d38c47af733fa3e77f2dac0fcc9bd47b64f6057d3d78cde7a353aace7479f602cc825c5
SSDEEP

12288:fhpmuOtohuJqvs60yDfpmq+UGH1bU43hAb63KMed:fhX4bryDhmXH3Sb6Cd

Score

10^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  2837d1f096434ec10931befc350146f6_JaffaCakes118
- Size
  
  549KB
- MD5
  
  2837d1f096434ec10931befc350146f6
- SHA1
  
  7827cc80f5e6f27862ac2c9404ab6d435ec7bb70
- SHA256
  
  e67142e58a5e4cbe3c4a229f94dcf66327a8f35239b54d3a3203650550ae9ce6
- SHA512
  
  0f7d9c9774ef840dba5064b40d972a384a53e9025beb2c9de831adaa2d38c47af733fa3e77f2dac0fcc9bd47b64f6057d3d78cde7a353aace7479f602cc825c5
- SSDEEP
  
  12288:fhpmuOtohuJqvs60yDfpmq+UGH1bU43hAb63KMed:fhX4bryDhmXH3Sb6Cd
Score

10^/10

upx discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceupx