e0817761b280243e3d230a79f22cb7f24fa38d975dcaf3630eb42641e829f3cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c5b1386508288a179c8338cdbe68656_JaffaCakes118
Size

85KB
Sample

241012-2dfd9avcpb
MD5

3c5b1386508288a179c8338cdbe68656
SHA1

5d3ae1e3c78092586841994d35b825b8ddf91122
SHA256

e0817761b280243e3d230a79f22cb7f24fa38d975dcaf3630eb42641e829f3cf
SHA512

2cca19b7bc64b9c3ea30a0be76512ff17ce2d7635d49e090326f382816bfc27939ba146151c82966db59a679ef0934b728e1ec5e0698b2cf704800f87ba05f5b
SSDEEP

1536:8AQQgTDEDrGldZCyC6m+08FhbZ+yxVzMNkXV/3CsOaNo8:WIDCldZsGbY8zMCXQaNo8

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  3c5b1386508288a179c8338cdbe68656_JaffaCakes118
- Size
  
  85KB
- MD5
  
  3c5b1386508288a179c8338cdbe68656
- SHA1
  
  5d3ae1e3c78092586841994d35b825b8ddf91122
- SHA256
  
  e0817761b280243e3d230a79f22cb7f24fa38d975dcaf3630eb42641e829f3cf
- SHA512
  
  2cca19b7bc64b9c3ea30a0be76512ff17ce2d7635d49e090326f382816bfc27939ba146151c82966db59a679ef0934b728e1ec5e0698b2cf704800f87ba05f5b
- SSDEEP
  
  1536:8AQQgTDEDrGldZCyC6m+08FhbZ+yxVzMNkXV/3CsOaNo8:WIDCldZsGbY8zMCXQaNo8
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence