08c7faced3a617cd84fce8a001b37e1670029424295227fb8ea135b7a6c9b9a9 | Triage

Sharing

General

Target

69dfa48bf0d1c5cf6b6252955f05bcd8_JaffaCakes118
Size

244KB
Sample

240724-cl3r3ssdml
MD5

69dfa48bf0d1c5cf6b6252955f05bcd8
SHA1

af96c29b947fbf077299de1bd6bde5530ba3c910
SHA256

08c7faced3a617cd84fce8a001b37e1670029424295227fb8ea135b7a6c9b9a9
SHA512

83bb63ff26be72c4fe06d72bf625a40c168f3a605e5ea4e9e8850d8cef372b20468a9adc566343af1563098ad7cddfca01fd692d2afa2c3ef72a48d0edf091d1
SSDEEP

3072:e1zwL/j2SuQEwdNwksdA7pH1zwLvaeGM1Si:e1z0jFNwkH7pH1zZ

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  69dfa48bf0d1c5cf6b6252955f05bcd8_JaffaCakes118
- Size
  
  244KB
- MD5
  
  69dfa48bf0d1c5cf6b6252955f05bcd8
- SHA1
  
  af96c29b947fbf077299de1bd6bde5530ba3c910
- SHA256
  
  08c7faced3a617cd84fce8a001b37e1670029424295227fb8ea135b7a6c9b9a9
- SHA512
  
  83bb63ff26be72c4fe06d72bf625a40c168f3a605e5ea4e9e8850d8cef372b20468a9adc566343af1563098ad7cddfca01fd692d2afa2c3ef72a48d0edf091d1
- SSDEEP
  
  3072:e1zwL/j2SuQEwdNwksdA7pH1zwLvaeGM1Si:e1z0jFNwkH7pH1zZ
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence