e4b9f822eac7352899161625156adbc84b10cbd2b48354952266d10a0148a9e1 | Triage

Sharing

General

Target

55e221d04790da7592ff6d38fade8c18_JaffaCakes118
Size

369KB
Sample

241018-gxn6aavapq
MD5

55e221d04790da7592ff6d38fade8c18
SHA1

b2c62c90c3a26efca0f6212184b27208f06adf32
SHA256

e4b9f822eac7352899161625156adbc84b10cbd2b48354952266d10a0148a9e1
SHA512

f8b7baa0321a8f20778f67de862f8070d677349e8c43843ecba5806accd2b4179888ff2c46d03e8b17c3e49d42dda869b69e90780ff9cb85e51247f3e41f6625
SSDEEP

6144:OPIkqsOMJGL4ku5VcHPLOwKwQ9F8jAZvXtvl/C99YAlJHoZDuV053PoVg8:LjsdJ2u5eTOwVE8UVXtvc9tnIVuun8

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  55e221d04790da7592ff6d38fade8c18_JaffaCakes118
- Size
  
  369KB
- MD5
  
  55e221d04790da7592ff6d38fade8c18
- SHA1
  
  b2c62c90c3a26efca0f6212184b27208f06adf32
- SHA256
  
  e4b9f822eac7352899161625156adbc84b10cbd2b48354952266d10a0148a9e1
- SHA512
  
  f8b7baa0321a8f20778f67de862f8070d677349e8c43843ecba5806accd2b4179888ff2c46d03e8b17c3e49d42dda869b69e90780ff9cb85e51247f3e41f6625
- SSDEEP
  
  6144:OPIkqsOMJGL4ku5VcHPLOwKwQ9F8jAZvXtvl/C99YAlJHoZDuV053PoVg8:LjsdJ2u5eTOwVE8UVXtvc9tnIVuun8
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence