6d415d88150eee9e16f11bfefc0b651ff7016bfb7beed878dadcd7c8df55b862 | Triage

Sharing

General

Target

2f4bf16670b3f9335d9fcf68e1e473a3_JaffaCakes118
Size

189KB
Sample

240709-g663fssfjg
MD5

2f4bf16670b3f9335d9fcf68e1e473a3
SHA1

dbe876957121dde5f0d73b496cf8f68accd1962c
SHA256

6d415d88150eee9e16f11bfefc0b651ff7016bfb7beed878dadcd7c8df55b862
SHA512

8a2ee7228d0924a53c1e9f5e4250e4ebcfc12e8c0240a6d8995d0ce5d807179493522059554f7f241222f8502878c9e393e35ef7f56275de180e45bcacf88ac5
SSDEEP

3072:NnWe1jbeWHSOPdIuG8UvahsdcYX3UI2EuJ3im/ZCdady+RlTp/VYq63+sU:NWepbZfPBUyhsdEI2++M+RlTHYW

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  2f4bf16670b3f9335d9fcf68e1e473a3_JaffaCakes118
- Size
  
  189KB
- MD5
  
  2f4bf16670b3f9335d9fcf68e1e473a3
- SHA1
  
  dbe876957121dde5f0d73b496cf8f68accd1962c
- SHA256
  
  6d415d88150eee9e16f11bfefc0b651ff7016bfb7beed878dadcd7c8df55b862
- SHA512
  
  8a2ee7228d0924a53c1e9f5e4250e4ebcfc12e8c0240a6d8995d0ce5d807179493522059554f7f241222f8502878c9e393e35ef7f56275de180e45bcacf88ac5
- SSDEEP
  
  3072:NnWe1jbeWHSOPdIuG8UvahsdcYX3UI2EuJ3im/ZCdady+RlTp/VYq63+sU:NWepbZfPBUyhsdEI2++M+RlTHYW
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2