f000dc62a3ea2b4f89dfb827744b7470ced4fe9af7561207d17f100e42856f37 | Triage

Sharing

General

Target

JaffaCakes118_174ed39dd8c86cb8c42c3ab27aca5f10
Size

86KB
Sample

250222-e92wssymhk
MD5

174ed39dd8c86cb8c42c3ab27aca5f10
SHA1

10b54f5c424d89a2bdd4b60bdb7000663628b2f9
SHA256

f000dc62a3ea2b4f89dfb827744b7470ced4fe9af7561207d17f100e42856f37
SHA512

a2a9b71b84a93976635cb20e6fdab0ee186823cb2d9bd68261b89d2e2e89097a4971e5184bb941f1072bcc89ce6910e9b621d81a6211d80bfb38d3e978d94eb7
SSDEEP

1536:nhb2ThTpQSgxVQK/+z4e/4vsG2g9HXW1K:OhOxVx+Ee/GA2XW0

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_174ed39dd8c86cb8c42c3ab27aca5f10
- Size
  
  86KB
- MD5
  
  174ed39dd8c86cb8c42c3ab27aca5f10
- SHA1
  
  10b54f5c424d89a2bdd4b60bdb7000663628b2f9
- SHA256
  
  f000dc62a3ea2b4f89dfb827744b7470ced4fe9af7561207d17f100e42856f37
- SHA512
  
  a2a9b71b84a93976635cb20e6fdab0ee186823cb2d9bd68261b89d2e2e89097a4971e5184bb941f1072bcc89ce6910e9b621d81a6211d80bfb38d3e978d94eb7
- SSDEEP
  
  1536:nhb2ThTpQSgxVQK/+z4e/4vsG2g9HXW1K:OhOxVx+Ee/GA2XW0
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2