b807a0152ff3b7681e5a40a8736d6424a9d75098c67cf42b8624830dbb9e36bc | Triage

Sharing

General

Target

5eefb13dda842bb25d79c085e60c41cf_JaffaCakes118
Size

384KB
Sample

240720-eg85eayepb
MD5

5eefb13dda842bb25d79c085e60c41cf
SHA1

8773edd01e7165d7b6b3bf39ce08be251767a892
SHA256

b807a0152ff3b7681e5a40a8736d6424a9d75098c67cf42b8624830dbb9e36bc
SHA512

a7eeea688d1483d2aa4421c40da1a3c7baf67276329e0fd2ff67e09c1d63f30b2d39970273f28a4483081c22c498c29ccdde1be642818df9264364e51c19b826
SSDEEP

3072:y+aDvo8q37qmr34t7ZSBYfkVoFdRrqo0aRaA/HF673+UWHIfrzajLmp4:SboXLqmrCNkVsuaRaU6mHGm

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  5eefb13dda842bb25d79c085e60c41cf_JaffaCakes118
- Size
  
  384KB
- MD5
  
  5eefb13dda842bb25d79c085e60c41cf
- SHA1
  
  8773edd01e7165d7b6b3bf39ce08be251767a892
- SHA256
  
  b807a0152ff3b7681e5a40a8736d6424a9d75098c67cf42b8624830dbb9e36bc
- SHA512
  
  a7eeea688d1483d2aa4421c40da1a3c7baf67276329e0fd2ff67e09c1d63f30b2d39970273f28a4483081c22c498c29ccdde1be642818df9264364e51c19b826
- SSDEEP
  
  3072:y+aDvo8q37qmr34t7ZSBYfkVoFdRrqo0aRaA/HF673+UWHIfrzajLmp4:SboXLqmrCNkVsuaRaU6mHGm
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2