43d3b62c463c79fd235624fdfc50382c0a7e034c7b7306fdf4e39472d303cbaf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f036b98a4a283b5c094e129dea8f2b31_JaffaCakes118
Size

239KB
Sample

240415-d5sa5agb7z
MD5

f036b98a4a283b5c094e129dea8f2b31
SHA1

1f16b397bbf66698c28f2ccb568a48a13bbf6a9a
SHA256

43d3b62c463c79fd235624fdfc50382c0a7e034c7b7306fdf4e39472d303cbaf
SHA512

94daf169a405215114153f632a41aa05fbbe045fdecd979fd6ec22a9b5f13069b1cbe8446454f3947c564b3d823603e7c54f045009f13bb156b818a40aea5403
SSDEEP

6144:ecfqGJSFKnLQXBgBrX227mz4DgAxOvKWr8:dtJS40x0pDgAxOv/8

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  f036b98a4a283b5c094e129dea8f2b31_JaffaCakes118
- Size
  
  239KB
- MD5
  
  f036b98a4a283b5c094e129dea8f2b31
- SHA1
  
  1f16b397bbf66698c28f2ccb568a48a13bbf6a9a
- SHA256
  
  43d3b62c463c79fd235624fdfc50382c0a7e034c7b7306fdf4e39472d303cbaf
- SHA512
  
  94daf169a405215114153f632a41aa05fbbe045fdecd979fd6ec22a9b5f13069b1cbe8446454f3947c564b3d823603e7c54f045009f13bb156b818a40aea5403
- SSDEEP
  
  6144:ecfqGJSFKnLQXBgBrX227mz4DgAxOvKWr8:dtJS40x0pDgAxOv/8
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence