1f5c8bef69b72c5b4534c6801964c5751da0fa3cdf4266efaa8c9351a80ed505 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23944151aeccbf9ddc4bcd620bffc571_JaffaCakes118
Size

261KB
Sample

240703-yr2b4avhrq
MD5

23944151aeccbf9ddc4bcd620bffc571
SHA1

09ec5f79fa4a7da28a671aa89a26665e6e8ff991
SHA256

1f5c8bef69b72c5b4534c6801964c5751da0fa3cdf4266efaa8c9351a80ed505
SHA512

7cd5cf3be02ad19bf0f6925ee1f41cb480f4c48224ba183512cd0fc2803dfd433aca5784a8cf429656ac167c3245cd59601c3e4a335b55c18ce32e03209ff72e
SSDEEP

6144:8sMdjPSZWpwE1bYvuaBDLUfNuuunrwGo8r2guQnjR:8DPSZrEtPU4Nmn08r2QnjR

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  23944151aeccbf9ddc4bcd620bffc571_JaffaCakes118
- Size
  
  261KB
- MD5
  
  23944151aeccbf9ddc4bcd620bffc571
- SHA1
  
  09ec5f79fa4a7da28a671aa89a26665e6e8ff991
- SHA256
  
  1f5c8bef69b72c5b4534c6801964c5751da0fa3cdf4266efaa8c9351a80ed505
- SHA512
  
  7cd5cf3be02ad19bf0f6925ee1f41cb480f4c48224ba183512cd0fc2803dfd433aca5784a8cf429656ac167c3245cd59601c3e4a335b55c18ce32e03209ff72e
- SSDEEP
  
  6144:8sMdjPSZWpwE1bYvuaBDLUfNuuunrwGo8r2guQnjR:8DPSZrEtPU4Nmn08r2QnjR
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence