General
-
Target
61aa998474466303c808dc357c7bef10_JaffaCakes118
-
Size
4KB
-
Sample
240721-2eppbaxgqd
-
MD5
61aa998474466303c808dc357c7bef10
-
SHA1
2f781e22b697efe9e9f2177415ef84d9a4e73b11
-
SHA256
55c654112d276451be1266bd6eb9612a51bc9ed5daacab0e6adcc2fdc0965c2d
-
SHA512
1d0cd79d4af789daa4af7fb5796badf019493c9aa3173e6564c633aeebbaab38a7e3495cb3e9947cbd63021813c804a46196608228bb0d8797db18b6b4592b4a
-
SSDEEP
96:INp/VQ88ZKI5j8cUNbl3O/foXCD/tdKMNeqfdm70niN4dgOTzvSQmE:INw/Zx56l3O3oX0GkfdpI4dgOL0E
Malware Config
Targets
-
-
Target
61aa998474466303c808dc357c7bef10_JaffaCakes118
-
Size
4KB
-
MD5
61aa998474466303c808dc357c7bef10
-
SHA1
2f781e22b697efe9e9f2177415ef84d9a4e73b11
-
SHA256
55c654112d276451be1266bd6eb9612a51bc9ed5daacab0e6adcc2fdc0965c2d
-
SHA512
1d0cd79d4af789daa4af7fb5796badf019493c9aa3173e6564c633aeebbaab38a7e3495cb3e9947cbd63021813c804a46196608228bb0d8797db18b6b4592b4a
-
SSDEEP
96:INp/VQ88ZKI5j8cUNbl3O/foXCD/tdKMNeqfdm70niN4dgOTzvSQmE:INw/Zx56l3O3oX0GkfdpI4dgOL0E
Score10/10-
Modifies WinLogon for persistence
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1