General
-
Target
257aecf4e0933d2a059ee83d3479e031_JaffaCakes118
-
Size
47KB
-
Sample
240704-lntrmaxala
-
MD5
257aecf4e0933d2a059ee83d3479e031
-
SHA1
105878ecb0731ed9abece5863b484a2e544ee533
-
SHA256
fdfd07b5ff8800056b24642ef4b4df9f467b778e9b877c10ebaf4d22e03a931a
-
SHA512
3d5425cd6f33950b24809a965b2429e37a7fa7c448b5f475578f857b92227a9d7b8eb727853b6b42a50324a6689a3545016480c6d20c2d2915953e5b770d39d8
-
SSDEEP
768:/jBRXguzzKBA1pDjjgI8kXE0bj10ThhnvhXtllbykBe+SxmhaDSegooJ1vG+09nG://wsN1pDjik0Q10ThhntLlbykBWTSe0n
Malware Config
Targets
-
-
Target
257aecf4e0933d2a059ee83d3479e031_JaffaCakes118
-
Size
47KB
-
MD5
257aecf4e0933d2a059ee83d3479e031
-
SHA1
105878ecb0731ed9abece5863b484a2e544ee533
-
SHA256
fdfd07b5ff8800056b24642ef4b4df9f467b778e9b877c10ebaf4d22e03a931a
-
SHA512
3d5425cd6f33950b24809a965b2429e37a7fa7c448b5f475578f857b92227a9d7b8eb727853b6b42a50324a6689a3545016480c6d20c2d2915953e5b770d39d8
-
SSDEEP
768:/jBRXguzzKBA1pDjjgI8kXE0bj10ThhnvhXtllbykBe+SxmhaDSegooJ1vG+09nG://wsN1pDjik0Q10ThhntLlbykBWTSe0n
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1