52592a2bfedcd1ec09b3575b3e1e0c1368e3d1c26b350d7f8dbd5e34298dc690 | Triage

Sharing

General

Target

3045ffeff2972dc8c0ae36273839f9d9_JaffaCakes118
Size

42KB
Sample

241010-rg47nszapc
MD5

3045ffeff2972dc8c0ae36273839f9d9
SHA1

db0c0dd61d28fedd04f8e5e57a3cd033695ccfc8
SHA256

52592a2bfedcd1ec09b3575b3e1e0c1368e3d1c26b350d7f8dbd5e34298dc690
SHA512

41553823c7f67ac154d1c0108001c991c4957ecf67ec565505a31fe0b303bbf02bd24ea20f080d5fb2c1e1b6eb3581fa9175e55d831bcb78c7f15757de89719f
SSDEEP

384:rpcTPJTRb47dEbmltqyA6FVvQQVU+oE3lnjpb5tnmVz1UwNGbS:rCbJTWdEDgbvXF3lnjtrn0z/b

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  3045ffeff2972dc8c0ae36273839f9d9_JaffaCakes118
- Size
  
  42KB
- MD5
  
  3045ffeff2972dc8c0ae36273839f9d9
- SHA1
  
  db0c0dd61d28fedd04f8e5e57a3cd033695ccfc8
- SHA256
  
  52592a2bfedcd1ec09b3575b3e1e0c1368e3d1c26b350d7f8dbd5e34298dc690
- SHA512
  
  41553823c7f67ac154d1c0108001c991c4957ecf67ec565505a31fe0b303bbf02bd24ea20f080d5fb2c1e1b6eb3581fa9175e55d831bcb78c7f15757de89719f
- SSDEEP
  
  384:rpcTPJTRb47dEbmltqyA6FVvQQVU+oE3lnjpb5tnmVz1UwNGbS:rCbJTWdEDgbvXF3lnjtrn0z/b
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence