488f70de4c7b2c78b4327bd2d1260dcc3acfe42a8104234d508f4bd1bd10f01b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17f0fa2dd4b328c34e3b04c9585205a5_JaffaCakes118
Size

81KB
Sample

240627-3g1d9sybnb
MD5

17f0fa2dd4b328c34e3b04c9585205a5
SHA1

ad815b2e0ace04c96ca8caa74e22c8023b54544b
SHA256

488f70de4c7b2c78b4327bd2d1260dcc3acfe42a8104234d508f4bd1bd10f01b
SHA512

eb37f0331e82c4c15254ee9bbe32154279b81f9d7b4b3e5dd881ff80c858cc8dc163f239e846634831908a3953704d3de8ab6eb5565b27e49629035adeacb1d8
SSDEEP

1536:KAr81O1DIS8N1H2b6BXnUZTwvqLHbaerb9j18jCf4QSfEpQMfhupY:MsDIvN1H2uBkZTfa6tm24REpQMpP

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  17f0fa2dd4b328c34e3b04c9585205a5_JaffaCakes118
- Size
  
  81KB
- MD5
  
  17f0fa2dd4b328c34e3b04c9585205a5
- SHA1
  
  ad815b2e0ace04c96ca8caa74e22c8023b54544b
- SHA256
  
  488f70de4c7b2c78b4327bd2d1260dcc3acfe42a8104234d508f4bd1bd10f01b
- SHA512
  
  eb37f0331e82c4c15254ee9bbe32154279b81f9d7b4b3e5dd881ff80c858cc8dc163f239e846634831908a3953704d3de8ab6eb5565b27e49629035adeacb1d8
- SSDEEP
  
  1536:KAr81O1DIS8N1H2b6BXnUZTwvqLHbaerb9j18jCf4QSfEpQMfhupY:MsDIvN1H2uBkZTfa6tm24REpQMpP
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2