bfe9768c4f466691b783d297bc13e0f938e4ccf1fd472cf4fc929545729a92f4 | Triage

Sharing

General

Target

2ed543ac0f5c084b4e1f935b5c239a75_JaffaCakes118
Size

34KB
Sample

240709-dy98csterp
MD5

2ed543ac0f5c084b4e1f935b5c239a75
SHA1

b1d8b4434f8fe0b5fefd87bfebd9375d263aa59c
SHA256

bfe9768c4f466691b783d297bc13e0f938e4ccf1fd472cf4fc929545729a92f4
SHA512

0606dada5700e800f9fd15529a216ea83776cacdc2bf8d37ec0438454fb9c9002600b65e722a8bcc13771666e1342399a0db20c3d57c5b575ae5c3ddaa8e5e1d
SSDEEP

768:UTWhTvxqra7fE8a1bh2dqLUgvL89Wrs1S0LY:tlqe7q1bhaqLUyL8Irs1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2ed543ac0f5c084b4e1f935b5c239a75_JaffaCakes118
- Size
  
  34KB
- MD5
  
  2ed543ac0f5c084b4e1f935b5c239a75
- SHA1
  
  b1d8b4434f8fe0b5fefd87bfebd9375d263aa59c
- SHA256
  
  bfe9768c4f466691b783d297bc13e0f938e4ccf1fd472cf4fc929545729a92f4
- SHA512
  
  0606dada5700e800f9fd15529a216ea83776cacdc2bf8d37ec0438454fb9c9002600b65e722a8bcc13771666e1342399a0db20c3d57c5b575ae5c3ddaa8e5e1d
- SSDEEP
  
  768:UTWhTvxqra7fE8a1bh2dqLUgvL89Wrs1S0LY:tlqe7q1bhaqLUyL8Irs1
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2