8d18f168aab04cdb3f6c4c5e121c31f884bbe091a468838ca4edcf1be5aacfe9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29b3e3f34e392a9b852ea1c9fa75b029_JaffaCakes118
Size

58KB
Sample

241009-dllz1aybpq
MD5

29b3e3f34e392a9b852ea1c9fa75b029
SHA1

9e3dc328b9949e9b60589fad248ba11e85a873da
SHA256

8d18f168aab04cdb3f6c4c5e121c31f884bbe091a468838ca4edcf1be5aacfe9
SHA512

2784368f3b70618b0bb2400422e7e80e1b53ef9378f20a5f3f0da0df42d447caaa9ce6c02f3efd650ca5d38e56fe24a1c4c0c21a92c711485b3b95980488c002
SSDEEP

768:LeL66DO30vAY3Ejt6PfHxOLCMJ2lM5M4FyXEI2vC7DUExDOZssGH3c:Le2pkvnG6P4LCMJ2l1gWEHUUsOZst

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  29b3e3f34e392a9b852ea1c9fa75b029_JaffaCakes118
- Size
  
  58KB
- MD5
  
  29b3e3f34e392a9b852ea1c9fa75b029
- SHA1
  
  9e3dc328b9949e9b60589fad248ba11e85a873da
- SHA256
  
  8d18f168aab04cdb3f6c4c5e121c31f884bbe091a468838ca4edcf1be5aacfe9
- SHA512
  
  2784368f3b70618b0bb2400422e7e80e1b53ef9378f20a5f3f0da0df42d447caaa9ce6c02f3efd650ca5d38e56fe24a1c4c0c21a92c711485b3b95980488c002
- SSDEEP
  
  768:LeL66DO30vAY3Ejt6PfHxOLCMJ2lM5M4FyXEI2vC7DUExDOZssGH3c:Le2pkvnG6P4LCMJ2l1gWEHUUsOZst
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2