Overview
Task scores (out of 10):
overview: 8
static: 3
Logon Work...er.exe (windows7-x64): 3
Logon Work...er.exe (windows10-2004-x64): 3
Logon Work...ke.bat (windows7-x64): 8
Logon Work...ke.bat (windows10-2004-x64): 8
Logon Work...ib.dll (windows7-x64): 1
Logon Work...ib.dll (windows10-2004-x64): 1
Logon Work...op.exe (windows7-x64): 3
Logon Work...op.exe (windows10-2004-x64): 3
Logon Work...st.exe (windows7-x64): 1
Logon Work...st.exe (windows10-2004-x64): 1
Logon Work....url (windows7-x64): 1
Logon Work....url (windows10-2004-x64): 1
General
-
Target
376c5844cd89ac279f0d6fe59951fa2f_JaffaCakes118
-
Size
8.7MB
-
Sample
241011-3tadlsvglr
-
MD5
376c5844cd89ac279f0d6fe59951fa2f
-
SHA1
39904b031876baf3b9298a4e295f09e2853f0e44
-
SHA256
fab1a8843e4a41e7321a8ca8f72c7b5c20ec60b979b75e4ac5907f08142fc3da
-
SHA512
3ae29010a179a2282570cf011ef306f3ea29a4208b651f9568da159efbad2ae5c53e272092298211723bdcc47cb20cb127e1dd62a5fdef1aac69d34b8694df80
-
SSDEEP
196608:RS5bbrcx5oCRygmjvQDP2XRVNyvhLcJfJauU6lhUvPuGVd/U4OLyhqm3Wjxar4UH:4do5xygmjoT2hokou9bUvPu2tOLyU0Ws
Static task: static1
Behavioral tasks (task | sample | resource):
behavioral1 | Logon Workshop/Apply/ResHacker.exe | win7-20240708-en
behavioral2 | Logon Workshop/Apply/ResHacker.exe | win10v2004-20241007-en
behavioral3 | Logon Workshop/Apply/toke.bat | win7-20240708-en
behavioral4 | Logon Workshop/Apply/toke.bat | win10v2004-20241007-en
behavioral5 | Logon Workshop/ICSharpCode.SharpZipLib.dll | win7-20240708-en
behavioral6 | Logon Workshop/ICSharpCode.SharpZipLib.dll | win10v2004-20241007-en
behavioral7 | Logon Workshop/Logon WorkShop.exe | win7-20240903-en
behavioral8 | Logon Workshop/Logon WorkShop.exe | win10v2004-20241007-en
behavioral9 | Logon Workshop/Logon WorkShop.vshost.exe | win7-20241010-en
behavioral10 | Logon Workshop/Logon WorkShop.vshost.exe | win10v2004-20241007-en
behavioral11 | Logon Workshop/.url | win7-20240903-en
behavioral12 | Logon Workshop/.url | win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Logon Workshop/Apply/ResHacker.exe
-
Size
917KB
-
MD5
a7f85126bc2f475a249004e46a59bba9
-
SHA1
c1311ee6c8acbc849f66dced5a1c5f925f12bea2
-
SHA256
94f3c576c6417397a3e6041ad9818773eb0f02235e0e591b68740fd06ba2c07e
-
SHA512
eb331e9cfae7688c21bd36896ace64872177c6fb5c617c4bc5e1c520771333fbff73c4a4f1e41369da6cc4397df5487ad08cfae50a3c139bd576a97adc8538d2
-
SSDEEP
24576:v6wVCzymgQO1/8VW6tRpwHZ7v7lXCwLwS2xIGVNeTvc:v6hjgQO1/8+X+xIWeTE
Score 3/10
-
-
Target
Logon Workshop/Apply/toke.bat
-
Size
407B
-
MD5
046ba1a43e5140f4b15eea6d1125664e
-
SHA1
ac3acb378cd948faee55a9ebe6a9d29a74bcaeb9
-
SHA256
2125ff943e054d96a877212be8e802d1bfc9901ddb596aa93e9a304c832f64dc
-
SHA512
e4a2f82cf1f4f954c0b11e169719b8d3403288e29f5c71d38b88d9015379691c46aa2a244e505826d25321718e5f23b5081923e78cf244413f285e3ea1c8c42c
Score 8/10
Possible privilege escalation attempt
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
-
-
Target
Logon Workshop/ICSharpCode.SharpZipLib.dll
-
Size
220KB
-
MD5
80ced02f62658271eb557cad83148b8e
-
SHA1
76ad1167288d662f96c72fad60f3ee268121c3b3
-
SHA256
afaf833939ae2838512f1d8c9f57c38e32a8ffde90c9c9450c32edd1e029cb9a
-
SHA512
48b4d8da12d5ae137229c8851d0eafbf9c503ed65be0790a2f138f99b3443297610a1dd3026b709b0ed140a7910cc86f22d0aaa97b023516cafe4614e7da212e
-
SSDEEP
3072:bnpIrAK7+kuAu25bPKuX8vCshUxJhFDeSikLIV9w/CwwSwi5Ygd6L+IxkY4AzxJp:arIdADbd7V0kLIXViwi93
Score 1/10
-
-
Target
Logon Workshop/Logon WorkShop.exe
-
Size
1.1MB
-
MD5
794491e55493dabdd8efb15202e171c2
-
SHA1
888d60179d081de33950e62b4064261add397579
-
SHA256
dfb711a844df386b144a61144a6139e8f05f8c9434494ac71602f54da797da90
-
SHA512
78e405dcaad9fb2d8d33526d6245689278afe40a50f9c4ea5693127ae613e433ecd48c07712043c3d9c729c2b15cd3ad5ebcfc31ed335dcb3fe378dcd7cea52b
-
SSDEEP
12288:Oy7hCgaRLoYjU4PI88w/RBRfSEMCXPzdHfrI5C80AYGa17SiMmGobF0/:OPIg39SkzdHfr1uYNTZp0/
Score 3/10
-
-
Target
Logon Workshop/Logon WorkShop.vshost.exe
-
Size
13KB
-
MD5
99f9b3ab8971e77b5c93864ee0a7b97d
-
SHA1
5ddc58cfb6d68a03c4201889819163abcf0f4ec5
-
SHA256
c7b2e4e4fb2fcc44c953673ff57c3d14bdf5d2008f35e9a84c2a11735f2d268f
-
SHA512
b1723e0d5707a5b7faeba6c3e11d6fbcb57c51af1368d8ac18cc7030f0de44ed9a53b38a1ed0ca6cb19a1a5f00b1172484060cbddc8f343c76ce39ef10bd9b72
-
SSDEEP
192:HSgRxBcWLVmWUo6oEQKPnEt2yt8mGafdjIafdjShj7NoVE8I:J72WhmWRnELKt8HafdjIafdjcj3F
Score 1/10
-
-
Target
Logon Workshop/.url
-
Size
210B
-
MD5
339ecc97cda3d35f18e90e9c727af4ef
-
SHA1
5db53dc8c29a949787cafd6f90a05d73fb7c5377
-
SHA256
649a8ff45f31d14248687850657b6814ba3b8ce566bc15362ea9ed10fed39ff2
-
SHA512
8ce8edeb7a1b0914ca4e00a2b825b60de3074a6588d751bccb7711f8e71ddd7c20aae25c345faa7cb188cd21a72cd254337c5ebe82ec27e20c287c2ea71333a2
Score 1/10