60edceac467ef6f6bf508541f285ab18f22eaa2178e3aedd3dcfc3d3e86a3b80 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17c1bd0c864fe700611968f3d31b7377_JaffaCakes118
Size

133KB
Sample

240627-2c1nssxcjn
MD5

17c1bd0c864fe700611968f3d31b7377
SHA1

3e09fca1f018a89a5ce5360f4ded502e31799de7
SHA256

60edceac467ef6f6bf508541f285ab18f22eaa2178e3aedd3dcfc3d3e86a3b80
SHA512

65ea59fac2629007d585a6da584d3154a133f68925131fc2235db4444c0ca12f337995cd4c60c46636c9072f63fe5e2d3de201d2834d50d96ca3ed290b88c6b1
SSDEEP

3072:FMm5qxLOFf2a9Zgw3JgeZlfj3Rfh5htthH5DhlVLvNd/RTfmEYfh0:kxLOFzrgw3mUlfdJ5/zldb/RTObfC

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  17c1bd0c864fe700611968f3d31b7377_JaffaCakes118
- Size
  
  133KB
- MD5
  
  17c1bd0c864fe700611968f3d31b7377
- SHA1
  
  3e09fca1f018a89a5ce5360f4ded502e31799de7
- SHA256
  
  60edceac467ef6f6bf508541f285ab18f22eaa2178e3aedd3dcfc3d3e86a3b80
- SHA512
  
  65ea59fac2629007d585a6da584d3154a133f68925131fc2235db4444c0ca12f337995cd4c60c46636c9072f63fe5e2d3de201d2834d50d96ca3ed290b88c6b1
- SSDEEP
  
  3072:FMm5qxLOFf2a9Zgw3JgeZlfj3Rfh5htthH5DhlVLvNd/RTfmEYfh0:kxLOFzrgw3mUlfdJ5/zldb/RTObfC
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2