996f40bd5dcd84c37a841ad2147b5b65d59cc225f81e8c00a311de23bc2380c7 | Triage

Sharing

General

Target

0e3f7e3b68c4886a62334f274af5e0f9_JaffaCakes118
Size

151KB
Sample

240625-qqgbjavhnl
MD5

0e3f7e3b68c4886a62334f274af5e0f9
SHA1

658af748c8c399c3a9917f81e41d1a0bdd51f9c7
SHA256

996f40bd5dcd84c37a841ad2147b5b65d59cc225f81e8c00a311de23bc2380c7
SHA512

dc474046b3446dcbe70e8e4967e8786525fa5aa841e033e7e77585ba6491ad9a6ab2b76bd401c261bdc4817917a0cbdfe14489933879d42f29389b9f6aff8d3b
SSDEEP

3072:TsCQqGkxieGr8zwtlXPULx5zxkwtZQIkUr+YtqlPD6uOqQqePJZXQsLTcXWt:hGBeGrFfULLxbUqDtkPpSzjXQfmt

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  0e3f7e3b68c4886a62334f274af5e0f9_JaffaCakes118
- Size
  
  151KB
- MD5
  
  0e3f7e3b68c4886a62334f274af5e0f9
- SHA1
  
  658af748c8c399c3a9917f81e41d1a0bdd51f9c7
- SHA256
  
  996f40bd5dcd84c37a841ad2147b5b65d59cc225f81e8c00a311de23bc2380c7
- SHA512
  
  dc474046b3446dcbe70e8e4967e8786525fa5aa841e033e7e77585ba6491ad9a6ab2b76bd401c261bdc4817917a0cbdfe14489933879d42f29389b9f6aff8d3b
- SSDEEP
  
  3072:TsCQqGkxieGr8zwtlXPULx5zxkwtZQIkUr+YtqlPD6uOqQqePJZXQsLTcXWt:hGBeGrFfULLxbUqDtkPpSzjXQfmt
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2