bb0e092dd61d3a53ecd00e3526df8ba354ec3f7ba4d42c343808f7bf92d8afb7 | Triage

Sharing

General

Target

20f7c6e93464eb84ed03723fa2a668f0_JaffaCakes118
Size

264KB
Sample

240703-d9775swbpe
MD5

20f7c6e93464eb84ed03723fa2a668f0
SHA1

f20488a63cf4fb7ad34a67de62213ead333c913c
SHA256

bb0e092dd61d3a53ecd00e3526df8ba354ec3f7ba4d42c343808f7bf92d8afb7
SHA512

2be8f58fb1bebba136c31c3b5572894935f7692e773e001a151dd4d5edcd8a773dd89173200e0b8bd9739ed1ad4a59a4ce35e0b7390fb0c047bbd33e6890d474
SSDEEP

6144:rrlVrh6fSkFmTGpUpulbFrHuDpGQkwO8T62asOLNhIbwHojoDtbatbeWK:3oZ8qpUwufw8T6XLNhcwHWntbbK

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  20f7c6e93464eb84ed03723fa2a668f0_JaffaCakes118
- Size
  
  264KB
- MD5
  
  20f7c6e93464eb84ed03723fa2a668f0
- SHA1
  
  f20488a63cf4fb7ad34a67de62213ead333c913c
- SHA256
  
  bb0e092dd61d3a53ecd00e3526df8ba354ec3f7ba4d42c343808f7bf92d8afb7
- SHA512
  
  2be8f58fb1bebba136c31c3b5572894935f7692e773e001a151dd4d5edcd8a773dd89173200e0b8bd9739ed1ad4a59a4ce35e0b7390fb0c047bbd33e6890d474
- SSDEEP
  
  6144:rrlVrh6fSkFmTGpUpulbFrHuDpGQkwO8T62asOLNhIbwHojoDtbatbeWK:3oZ8qpUwufw8T6XLNhcwHWntbbK
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence