2c9edd0e5e5a492348a0f78ba8c99badd222423af772d945f78750d496860d02 | Triage

Sharing

General

Target

2ed1da00d9b8942bf57b193d8bea918b_JaffaCakes118
Size

770KB
Sample

240709-dwbxsawdjd
MD5

2ed1da00d9b8942bf57b193d8bea918b
SHA1

112398a9bb039be6a04f47e7f2d81924219f3ce6
SHA256

2c9edd0e5e5a492348a0f78ba8c99badd222423af772d945f78750d496860d02
SHA512

2cb0738d877785deb39ad7db0c95d5eaac0a8c406c16b8c8b2b0b30a25b89be6869c1a9f4a09c3baa7ef1a705c3ba5a746fb365989f8171522f94b4139c169bf
SSDEEP

12288:GWHD328+Z71u3FxsdnQSNZ9X5NIPQvQQP/3:GoD9+ZY3FSNXcPQ4QH

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  2ed1da00d9b8942bf57b193d8bea918b_JaffaCakes118
- Size
  
  770KB
- MD5
  
  2ed1da00d9b8942bf57b193d8bea918b
- SHA1
  
  112398a9bb039be6a04f47e7f2d81924219f3ce6
- SHA256
  
  2c9edd0e5e5a492348a0f78ba8c99badd222423af772d945f78750d496860d02
- SHA512
  
  2cb0738d877785deb39ad7db0c95d5eaac0a8c406c16b8c8b2b0b30a25b89be6869c1a9f4a09c3baa7ef1a705c3ba5a746fb365989f8171522f94b4139c169bf
- SSDEEP
  
  12288:GWHD328+Z71u3FxsdnQSNZ9X5NIPQvQQP/3:GoD9+ZY3FSNXcPQ4QH
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2