647152250e30c698a03b26fcb70609d9833dfc4e5b0b78ad3f331fd2e1ad01ab | Triage

Sharing

General

Target

451f9f17ad02a28156283a7d689f1b7e_JaffaCakes118
Size

266KB
Sample

240714-ktbmkawerd
MD5

451f9f17ad02a28156283a7d689f1b7e
SHA1

f82aa99a79df0238e8acca041d7a9b5a0cd0b0d0
SHA256

647152250e30c698a03b26fcb70609d9833dfc4e5b0b78ad3f331fd2e1ad01ab
SHA512

a3882b6ee16b7515dd9049484dd9d4f0a90a0b162cf90079ee07dd5677bd14328b98b660898c2e6cadf02b29b1e04a08d28758612dd864868790b9dad99214bb
SSDEEP

6144:pGl75MNTwpRAO02kWWIkFFNyL90lKKhjgcDRznAqnlC:gl75MwRd0KGF+2gSdAglC

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  451f9f17ad02a28156283a7d689f1b7e_JaffaCakes118
- Size
  
  266KB
- MD5
  
  451f9f17ad02a28156283a7d689f1b7e
- SHA1
  
  f82aa99a79df0238e8acca041d7a9b5a0cd0b0d0
- SHA256
  
  647152250e30c698a03b26fcb70609d9833dfc4e5b0b78ad3f331fd2e1ad01ab
- SHA512
  
  a3882b6ee16b7515dd9049484dd9d4f0a90a0b162cf90079ee07dd5677bd14328b98b660898c2e6cadf02b29b1e04a08d28758612dd864868790b9dad99214bb
- SSDEEP
  
  6144:pGl75MNTwpRAO02kWWIkFFNyL90lKKhjgcDRznAqnlC:gl75MwRd0KGF+2gSdAglC
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence