b3eab21377d2206f1bd5e1f2589dafa91c3896d9d0d95bfc537cd10ddca1039d | Triage

Sharing

General

Target

22a3f06f8f5cae94a499b6b2f7e8f563_JaffaCakes118
Size

239KB
Sample

240703-rg47ns1hme
MD5

22a3f06f8f5cae94a499b6b2f7e8f563
SHA1

d66cc039fc435b20d644485fdfd91d38a815e155
SHA256

b3eab21377d2206f1bd5e1f2589dafa91c3896d9d0d95bfc537cd10ddca1039d
SHA512

dedab80e6dfa8c6154ca79aaeb835136db6e8cbabcbd500f4ba0b1bd22cc084ae19767f646506c8d30e4c6c4058f88e4cd186a8683a2e5cb6b4d19fa00feb8f9
SSDEEP

6144:hymIF7+kuCDqHZmyQ4EaDU7PvRPRYuHoLc:hyTF+1sqU4EaIFPRoLc

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  22a3f06f8f5cae94a499b6b2f7e8f563_JaffaCakes118
- Size
  
  239KB
- MD5
  
  22a3f06f8f5cae94a499b6b2f7e8f563
- SHA1
  
  d66cc039fc435b20d644485fdfd91d38a815e155
- SHA256
  
  b3eab21377d2206f1bd5e1f2589dafa91c3896d9d0d95bfc537cd10ddca1039d
- SHA512
  
  dedab80e6dfa8c6154ca79aaeb835136db6e8cbabcbd500f4ba0b1bd22cc084ae19767f646506c8d30e4c6c4058f88e4cd186a8683a2e5cb6b4d19fa00feb8f9
- SSDEEP
  
  6144:hymIF7+kuCDqHZmyQ4EaDU7PvRPRYuHoLc:hyTF+1sqU4EaIFPRoLc
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2