87e593210436d6a7d4424d3d4a3f7a3fad138b5d261e4e42d0e762b0720c5452 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b95cae7bed4716e12e8df00b1875772_JaffaCakes118
Size

300KB
Sample

240625-a2h2hathnj
MD5

0b95cae7bed4716e12e8df00b1875772
SHA1

d9800f6d97780e144b531279fa1f02a05be00035
SHA256

87e593210436d6a7d4424d3d4a3f7a3fad138b5d261e4e42d0e762b0720c5452
SHA512

aee9bc0c3a90157d287a83ca0a233febfdb95851b03d499e1f3e45b75230fb456d9af59198b05d1e214e32047eeb4e3a1f9720132373411e5c94601e0586c8d8
SSDEEP

6144:3Cx95xIZvkHxwi9G1JSzy8J61b39mv74RMKFPIO:SdxIVkHxwDJSzy8J6R5Rd

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  0b95cae7bed4716e12e8df00b1875772_JaffaCakes118
- Size
  
  300KB
- MD5
  
  0b95cae7bed4716e12e8df00b1875772
- SHA1
  
  d9800f6d97780e144b531279fa1f02a05be00035
- SHA256
  
  87e593210436d6a7d4424d3d4a3f7a3fad138b5d261e4e42d0e762b0720c5452
- SHA512
  
  aee9bc0c3a90157d287a83ca0a233febfdb95851b03d499e1f3e45b75230fb456d9af59198b05d1e214e32047eeb4e3a1f9720132373411e5c94601e0586c8d8
- SSDEEP
  
  6144:3Cx95xIZvkHxwi9G1JSzy8J61b39mv74RMKFPIO:SdxIVkHxwDJSzy8J6R5Rd
Score

7^/10

persistence
- Deletes itself
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2