General
-
Target
5d6860a98f0a5122b34331a275f3556b_JaffaCakes118
-
Size
24KB
-
Sample
240719-ygxwxszgkh
-
MD5
5d6860a98f0a5122b34331a275f3556b
-
SHA1
2af844edc64a46cf82f17b4ef20dedb49b733422
-
SHA256
a9f15397512e7ae62b381036d8cf2babb20e391bf1c4145dfcdf03813b94bbba
-
SHA512
511702b455e36023fefbb1153b97ff34c7dfd9743f0f4fa224ba071cd88011ae65fdffa60d767e90d1423dd682878d9058bbfbdc0a11b8d40fb7a0bbad6798eb
-
SSDEEP
384:Zve6kWKQYebBTfN4ZgeEYqpiVHESVviSDbo6dE+oekG802OyG0i02OyG0:ZDKQRjpCTtSUEQpH2OyGy2OyG
Malware Config
Targets
-
-
Target
5d6860a98f0a5122b34331a275f3556b_JaffaCakes118
-
Size
24KB
-
MD5
5d6860a98f0a5122b34331a275f3556b
-
SHA1
2af844edc64a46cf82f17b4ef20dedb49b733422
-
SHA256
a9f15397512e7ae62b381036d8cf2babb20e391bf1c4145dfcdf03813b94bbba
-
SHA512
511702b455e36023fefbb1153b97ff34c7dfd9743f0f4fa224ba071cd88011ae65fdffa60d767e90d1423dd682878d9058bbfbdc0a11b8d40fb7a0bbad6798eb
-
SSDEEP
384:Zve6kWKQYebBTfN4ZgeEYqpiVHESVviSDbo6dE+oekG802OyG0i02OyG0:ZDKQRjpCTtSUEQpH2OyGy2OyG
Score10/10-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Drops file in System32 directory
-