ad7b0513a6637e12b8ccfadff5b225df864cfeab8ec753fff8596f80520243ea | Triage

Sharing

General

Target

45aa6a3d99fb88b0a377cfb427c91b40_JaffaCakes118
Size

96KB
Sample

241015-d9s38asgrg
MD5

45aa6a3d99fb88b0a377cfb427c91b40
SHA1

0b50b77df0668bc85744405de3ec46ce7200a258
SHA256

ad7b0513a6637e12b8ccfadff5b225df864cfeab8ec753fff8596f80520243ea
SHA512

8aa00bef6b5e049d0515414c45968aa8acbe26547ca7f8e6c1e94f82b846e96963650de19b9b890a8fff0145d169eccb81866f210642dc63ad26c8d19930c59f
SSDEEP

1536:ZO8UxFkIaoq+JxpfcRUuo4veQr3b/YbhZOu8DyFKCuhiXqAwl43VmTN:ukrbecR84veQr0LOuHFDuhiXqAwl430x

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  45aa6a3d99fb88b0a377cfb427c91b40_JaffaCakes118
- Size
  
  96KB
- MD5
  
  45aa6a3d99fb88b0a377cfb427c91b40
- SHA1
  
  0b50b77df0668bc85744405de3ec46ce7200a258
- SHA256
  
  ad7b0513a6637e12b8ccfadff5b225df864cfeab8ec753fff8596f80520243ea
- SHA512
  
  8aa00bef6b5e049d0515414c45968aa8acbe26547ca7f8e6c1e94f82b846e96963650de19b9b890a8fff0145d169eccb81866f210642dc63ad26c8d19930c59f
- SSDEEP
  
  1536:ZO8UxFkIaoq+JxpfcRUuo4veQr3b/YbhZOu8DyFKCuhiXqAwl43VmTN:ukrbecR84veQr0LOuHFDuhiXqAwl430x
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2