Overview

overview

10

Static

static

3

393c92d44c...18.exe

windows7-x64

10

393c92d44c...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    393c92d44cd92289900e6fc5d6b1eb22_JaffaCakes118

  • Size

    172KB

  • Sample

    241012-kzqcxaxdnp

  • MD5

    393c92d44cd92289900e6fc5d6b1eb22

  • SHA1

    ec44af8dc341e234905f729008f0feaeaee504f4

  • SHA256

    9f7eeb42386db8b2afa33bd0d5bf4e64d2ac99ced6d42bfc0d00b4bf20a4752d

  • SHA512

    e848e2ed11e3e4f47627c58e7b74195856d76beff22406ff78599e1dcc4a1f1bc2a478cb5ccb83876290119965ad348d00c3c9cc72247ab78657071c877b5ee7

  • SSDEEP

    3072:QcO26I+5tPj5xqJFcoP8PdIuG8UvahsdcYX3UI2EuJ3im/ZCdady+RlTp/VYq63W:QT7zG2PBUyhsdEI2++M+RlTHYW

Score
10/10
discoverypersistence

Malware Config

Targets

    • Target

      393c92d44cd92289900e6fc5d6b1eb22_JaffaCakes118

    • Size

      172KB

    • MD5

      393c92d44cd92289900e6fc5d6b1eb22

    • SHA1

      ec44af8dc341e234905f729008f0feaeaee504f4

    • SHA256

      9f7eeb42386db8b2afa33bd0d5bf4e64d2ac99ced6d42bfc0d00b4bf20a4752d

    • SHA512

      e848e2ed11e3e4f47627c58e7b74195856d76beff22406ff78599e1dcc4a1f1bc2a478cb5ccb83876290119965ad348d00c3c9cc72247ab78657071c877b5ee7

    • SSDEEP

      3072:QcO26I+5tPj5xqJFcoP8PdIuG8UvahsdcYX3UI2EuJ3im/ZCdady+RlTp/VYq63W:QT7zG2PBUyhsdEI2++M+RlTHYW

    Score
    10/10
    discoverypersistence

    • Modifies WinLogon for persistence

      persistence

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks