9579f5122446da5b8460113b63928ba00cc68007194c463ec103e284d0e8aead | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a8400e87a5d62951bb36225e5dd61a7_JaffaCakes118
Size

277KB
Sample

240701-jtcn7azfmc
MD5

1a8400e87a5d62951bb36225e5dd61a7
SHA1

09455d5ec31d523d6a7332a34de4e59ab1c6d3f6
SHA256

9579f5122446da5b8460113b63928ba00cc68007194c463ec103e284d0e8aead
SHA512

8b03b0e1edbaaa272fea24eff1456d574986e61b0d54361e6abaaf286dc9df59b9c7e8e8a106573a4278d2655dc4116294255215fba27bc04c425255bd2a2e89
SSDEEP

6144:/1TnDzopfUxko17BX/ECry0Eya7dSYl0Od/P+9:/1TDeo59EgUgYl08+

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  1a8400e87a5d62951bb36225e5dd61a7_JaffaCakes118
- Size
  
  277KB
- MD5
  
  1a8400e87a5d62951bb36225e5dd61a7
- SHA1
  
  09455d5ec31d523d6a7332a34de4e59ab1c6d3f6
- SHA256
  
  9579f5122446da5b8460113b63928ba00cc68007194c463ec103e284d0e8aead
- SHA512
  
  8b03b0e1edbaaa272fea24eff1456d574986e61b0d54361e6abaaf286dc9df59b9c7e8e8a106573a4278d2655dc4116294255215fba27bc04c425255bd2a2e89
- SSDEEP
  
  6144:/1TnDzopfUxko17BX/ECry0Eya7dSYl0Od/P+9:/1TDeo59EgUgYl08+
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence