95d916f1f625707fe46a27792895e4373215f517e3193f5040ca20780805f865 | Triage

Sharing

General

Target

2c1ae2ca0b7ecd8eb3234a947f5bc980_JaffaCakes118
Size

87KB
Sample

240708-naa4gaycke
MD5

2c1ae2ca0b7ecd8eb3234a947f5bc980
SHA1

f9f98c15a755a141c68ef7f442cc7e9af1f97acd
SHA256

95d916f1f625707fe46a27792895e4373215f517e3193f5040ca20780805f865
SHA512

0441b114468b3f1e7da85cbba96604ec187b70a0d26258289ed2e0898e7bc93c1535a429fb141d2ce06eee4776ede5c504046a5d4dccd597ac4f2b6265e8bb08
SSDEEP

1536:usN/zQjjrQxKf6I84A4GBQgS5h628DNCrH0FKts4y45c:uGrQLxrcFk8crhts4y45c

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  2c1ae2ca0b7ecd8eb3234a947f5bc980_JaffaCakes118
- Size
  
  87KB
- MD5
  
  2c1ae2ca0b7ecd8eb3234a947f5bc980
- SHA1
  
  f9f98c15a755a141c68ef7f442cc7e9af1f97acd
- SHA256
  
  95d916f1f625707fe46a27792895e4373215f517e3193f5040ca20780805f865
- SHA512
  
  0441b114468b3f1e7da85cbba96604ec187b70a0d26258289ed2e0898e7bc93c1535a429fb141d2ce06eee4776ede5c504046a5d4dccd597ac4f2b6265e8bb08
- SSDEEP
  
  1536:usN/zQjjrQxKf6I84A4GBQgS5h628DNCrH0FKts4y45c:uGrQLxrcFk8crhts4y45c
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2