de88ab6343e9b9d75e127c3f54814280c7584d501794087596c7cf1c12e66b84 | Triage

Sharing

General

Target

42cbdd97fff40fcf0a252a9b06fd277e_JaffaCakes118
Size

283KB
Sample

241014-sjq89s1bnf
MD5

42cbdd97fff40fcf0a252a9b06fd277e
SHA1

7367bcc11ce0d8eb2e761caf29be9ba446f771c2
SHA256

de88ab6343e9b9d75e127c3f54814280c7584d501794087596c7cf1c12e66b84
SHA512

d3bacd591f30818822e0df524357427b8adb6726c1497eb4a24bf4745cdd7cb9299e5deda56ea9a88616419015031ec66d186b7af09c6bcc40223bf5c09fda31
SSDEEP

6144:2hsG+CqZAMLCtVCJxjJu8+pWm80QvEHOu5xbkV:2hsG+vAkCzKj+f8ww

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  42cbdd97fff40fcf0a252a9b06fd277e_JaffaCakes118
- Size
  
  283KB
- MD5
  
  42cbdd97fff40fcf0a252a9b06fd277e
- SHA1
  
  7367bcc11ce0d8eb2e761caf29be9ba446f771c2
- SHA256
  
  de88ab6343e9b9d75e127c3f54814280c7584d501794087596c7cf1c12e66b84
- SHA512
  
  d3bacd591f30818822e0df524357427b8adb6726c1497eb4a24bf4745cdd7cb9299e5deda56ea9a88616419015031ec66d186b7af09c6bcc40223bf5c09fda31
- SSDEEP
  
  6144:2hsG+CqZAMLCtVCJxjJu8+pWm80QvEHOu5xbkV:2hsG+vAkCzKj+f8ww
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence