e60cfaa791c003a183ad787fb0287925360cd2a4dc75c72c5721d4fe7d6895d1 | Triage

Sharing

General

Target

29d561be6a08a4a4970b5371bc63e9a2_JaffaCakes118
Size

205KB
Sample

240707-jltyhazaqd
MD5

29d561be6a08a4a4970b5371bc63e9a2
SHA1

52418ac111b7da8c0c9f2d414a9e920a6acb7935
SHA256

e60cfaa791c003a183ad787fb0287925360cd2a4dc75c72c5721d4fe7d6895d1
SHA512

faaae58a9aa5e2a7b37dff772b54610b4031d3b59990213ffeea962d7e1fa6930fd8ddb7f4c9f548361be3610ce407c8da3e77887c2121a6da462f42168f0f5c
SSDEEP

6144:vW8Ixnn5g5x6Yt+QRY2zlF1gwczQb2zuZCv5kT:vRI5Ox6YtRR/f15b2CZCRS

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  29d561be6a08a4a4970b5371bc63e9a2_JaffaCakes118
- Size
  
  205KB
- MD5
  
  29d561be6a08a4a4970b5371bc63e9a2
- SHA1
  
  52418ac111b7da8c0c9f2d414a9e920a6acb7935
- SHA256
  
  e60cfaa791c003a183ad787fb0287925360cd2a4dc75c72c5721d4fe7d6895d1
- SHA512
  
  faaae58a9aa5e2a7b37dff772b54610b4031d3b59990213ffeea962d7e1fa6930fd8ddb7f4c9f548361be3610ce407c8da3e77887c2121a6da462f42168f0f5c
- SSDEEP
  
  6144:vW8Ixnn5g5x6Yt+QRY2zlF1gwczQb2zuZCv5kT:vRI5Ox6YtRR/f15b2CZCRS
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2