f5a6f68917e80b40f242deaac1047997dc78dc31489f834d037b313ef648e3bc | Triage

Sharing

General

Target

244edd040695387dfbe1e7bb5f3bafd3_JaffaCakes118
Size

211KB
Sample

240704-cteefs1fnb
MD5

244edd040695387dfbe1e7bb5f3bafd3
SHA1

b95a9ba700ae3e6585414706c0fff7dfa47a856b
SHA256

f5a6f68917e80b40f242deaac1047997dc78dc31489f834d037b313ef648e3bc
SHA512

5f2e68c004148d9a4c497286cee2b729ced6e9033aaae0c4b3b64575db56a9051856cae5e1a5c0b37049efbccd0fb88876a25118842e46bff324d67ddf30924e
SSDEEP

3072:6GwPsm1VrwxOsf0juzv8j4P1Hr6krr4IEhx9QZe2gO9mG9UHA30Vt3E/vDjb:6G/iVkO20SFgBhxtW9mG9+Umt3Ezjb

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  244edd040695387dfbe1e7bb5f3bafd3_JaffaCakes118
- Size
  
  211KB
- MD5
  
  244edd040695387dfbe1e7bb5f3bafd3
- SHA1
  
  b95a9ba700ae3e6585414706c0fff7dfa47a856b
- SHA256
  
  f5a6f68917e80b40f242deaac1047997dc78dc31489f834d037b313ef648e3bc
- SHA512
  
  5f2e68c004148d9a4c497286cee2b729ced6e9033aaae0c4b3b64575db56a9051856cae5e1a5c0b37049efbccd0fb88876a25118842e46bff324d67ddf30924e
- SSDEEP
  
  3072:6GwPsm1VrwxOsf0juzv8j4P1Hr6krr4IEhx9QZe2gO9mG9UHA30Vt3E/vDjb:6G/iVkO20SFgBhxtW9mG9+Umt3Ezjb
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2