b9239d4a14599b8c763c1d49e2fa78d5d1c60e6279b604fc13940a8576066f18 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

68463ca0b4363324d320cae043944d46_JaffaCakes118
Size

64KB
Sample

240723-tnl1saycnl
MD5

68463ca0b4363324d320cae043944d46
SHA1

6af50e157333af2e0d56eebf0ac47c011d18ebc2
SHA256

b9239d4a14599b8c763c1d49e2fa78d5d1c60e6279b604fc13940a8576066f18
SHA512

61efabd31e539100ddd41247016d9b6ba5a82179b4eeec89c1b0a9f9d2158e97a9bcd789bbd40b33ed74bad7bc310b763c0da6f6ecde7b7fc3ab8d3a49969cd9
SSDEEP

1536:0YZVX+8k78lXDOIdJf5lk14idV6RkmZuFuaMHbrobtInqlcSoXpxw:0YZVS7IaKH+4YpfUaMHQ1oXk

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  68463ca0b4363324d320cae043944d46_JaffaCakes118
- Size
  
  64KB
- MD5
  
  68463ca0b4363324d320cae043944d46
- SHA1
  
  6af50e157333af2e0d56eebf0ac47c011d18ebc2
- SHA256
  
  b9239d4a14599b8c763c1d49e2fa78d5d1c60e6279b604fc13940a8576066f18
- SHA512
  
  61efabd31e539100ddd41247016d9b6ba5a82179b4eeec89c1b0a9f9d2158e97a9bcd789bbd40b33ed74bad7bc310b763c0da6f6ecde7b7fc3ab8d3a49969cd9
- SSDEEP
  
  1536:0YZVX+8k78lXDOIdJf5lk14idV6RkmZuFuaMHbrobtInqlcSoXpxw:0YZVS7IaKH+4YpfUaMHQ1oXk
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence