49a1a9f485415ee30690210c1c2c511fecb3dd69f7481f3377fed38a508b0cac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f4fa4f215eefbd176eeaa91f0d16387_JaffaCakes118
Size

147KB
Sample

240625-yjpnbs1hmr
MD5

0f4fa4f215eefbd176eeaa91f0d16387
SHA1

3920b2e4692f727a114b4d79a0c8e8f23c7cec51
SHA256

49a1a9f485415ee30690210c1c2c511fecb3dd69f7481f3377fed38a508b0cac
SHA512

e40ce74bbd80231987d226e70e2f88603efe264383d8784faac9417dba5adb58bd5e4a54a858b7cefd3ec643ff13b9d774f2aefc7e1ae0fff9e7ef38e7feb244
SSDEEP

3072:CKLk7lVPojUAv/uvnJvtq5mzc1KljyIL+fQUNOKQsdpJZUWIBEj:CKzX/YvJzc1KljmfXfAWIBEj

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  0f4fa4f215eefbd176eeaa91f0d16387_JaffaCakes118
- Size
  
  147KB
- MD5
  
  0f4fa4f215eefbd176eeaa91f0d16387
- SHA1
  
  3920b2e4692f727a114b4d79a0c8e8f23c7cec51
- SHA256
  
  49a1a9f485415ee30690210c1c2c511fecb3dd69f7481f3377fed38a508b0cac
- SHA512
  
  e40ce74bbd80231987d226e70e2f88603efe264383d8784faac9417dba5adb58bd5e4a54a858b7cefd3ec643ff13b9d774f2aefc7e1ae0fff9e7ef38e7feb244
- SSDEEP
  
  3072:CKLk7lVPojUAv/uvnJvtq5mzc1KljyIL+fQUNOKQsdpJZUWIBEj:CKzX/YvJzc1KljmfXfAWIBEj
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2