9bf8a60e76a38b42be7d216073038851dd5d671816c7ff85bfa14a71f220302a | Triage

Sharing

General

Target

36c42dd50f28aee2acc8a20ebd43671f_JaffaCakes118
Size

391KB
Sample

240710-23h7favenr
MD5

36c42dd50f28aee2acc8a20ebd43671f
SHA1

786d7e7fe330f0d9abb0f6ada971b57030353cfb
SHA256

9bf8a60e76a38b42be7d216073038851dd5d671816c7ff85bfa14a71f220302a
SHA512

e8ec093452d3faacbfaa4febbeb44f3c1a582d42f17cdbd6399507386be140e199ab947c42e8fb9f327e4c56eccd0743fe0e7a69a1f32ef4bd1a9c7aed1a2631
SSDEEP

12288:0tN/P3Zgc2IdOUWz8gYdZwuUYJGmr1xK2pE9:0tNHuiWzid+tYg4K2pA

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  36c42dd50f28aee2acc8a20ebd43671f_JaffaCakes118
- Size
  
  391KB
- MD5
  
  36c42dd50f28aee2acc8a20ebd43671f
- SHA1
  
  786d7e7fe330f0d9abb0f6ada971b57030353cfb
- SHA256
  
  9bf8a60e76a38b42be7d216073038851dd5d671816c7ff85bfa14a71f220302a
- SHA512
  
  e8ec093452d3faacbfaa4febbeb44f3c1a582d42f17cdbd6399507386be140e199ab947c42e8fb9f327e4c56eccd0743fe0e7a69a1f32ef4bd1a9c7aed1a2631
- SSDEEP
  
  12288:0tN/P3Zgc2IdOUWz8gYdZwuUYJGmr1xK2pE9:0tNHuiWzid+tYg4K2pA
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2