ba5c0d263878e13c9204c19781182e94efb9038b89421cddb8445bdf9cf0dc1f | Triage

Sharing

General

Target

6469fdd0886a5487eb6aec3ee3d8c178_JaffaCakes118
Size

257KB
Sample

240722-xqpfgasfpf
MD5

6469fdd0886a5487eb6aec3ee3d8c178
SHA1

b36a57817ed9d5f7c93f1a7a0ff0cdf3f36ba28e
SHA256

ba5c0d263878e13c9204c19781182e94efb9038b89421cddb8445bdf9cf0dc1f
SHA512

8d72c67d13373674992e2d4b1de1646b7c75e4a837662b15ad6da577599395d5bcc767c49c5d22d56fcabff9175662b4fba79b9428e2df9e6a6a4a164142ec71
SSDEEP

3072:bicFgFSqXNa0s3o2MV2SwcfjUGkmj1AWFhGIhtrJG+2ozcQU8gh1yhw7yds5VLGM:qXNNSo2EscAxmpDGIhtrTpUpH15WJS3

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  6469fdd0886a5487eb6aec3ee3d8c178_JaffaCakes118
- Size
  
  257KB
- MD5
  
  6469fdd0886a5487eb6aec3ee3d8c178
- SHA1
  
  b36a57817ed9d5f7c93f1a7a0ff0cdf3f36ba28e
- SHA256
  
  ba5c0d263878e13c9204c19781182e94efb9038b89421cddb8445bdf9cf0dc1f
- SHA512
  
  8d72c67d13373674992e2d4b1de1646b7c75e4a837662b15ad6da577599395d5bcc767c49c5d22d56fcabff9175662b4fba79b9428e2df9e6a6a4a164142ec71
- SSDEEP
  
  3072:bicFgFSqXNa0s3o2MV2SwcfjUGkmj1AWFhGIhtrJG+2ozcQU8gh1yhw7yds5VLGM:qXNNSo2EscAxmpDGIhtrTpUpH15WJS3
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence