563734356596c657ed114ac367b03c4bd71185cd5f49f798e07999fcdd5bf813 | Triage

Sharing

General

Target

731b375315d471b6d4c521aafdb7d059_JaffaCakes118
Size

910KB
Sample

240726-h9ps1sxfjh
MD5

731b375315d471b6d4c521aafdb7d059
SHA1

ff58197179f54d49db8aa698057f4b7c0c0de788
SHA256

563734356596c657ed114ac367b03c4bd71185cd5f49f798e07999fcdd5bf813
SHA512

e5fdc10cfbee59d3cad00cb9b855763e375ce8b766a3b42c2db57f4d67df3ec00cb0bd187ca16e759bac15f980dbc5455e45e4d689899d1c3bda50c16bc5e4f5
SSDEEP

24576:A+ivXbZrAJrr186rmIWgVRFyIMQ5xv+UXmRE43ss:A+OXbxz8JWgg5Q5kemRR8s

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  731b375315d471b6d4c521aafdb7d059_JaffaCakes118
- Size
  
  910KB
- MD5
  
  731b375315d471b6d4c521aafdb7d059
- SHA1
  
  ff58197179f54d49db8aa698057f4b7c0c0de788
- SHA256
  
  563734356596c657ed114ac367b03c4bd71185cd5f49f798e07999fcdd5bf813
- SHA512
  
  e5fdc10cfbee59d3cad00cb9b855763e375ce8b766a3b42c2db57f4d67df3ec00cb0bd187ca16e759bac15f980dbc5455e45e4d689899d1c3bda50c16bc5e4f5
- SSDEEP
  
  24576:A+ivXbZrAJrr186rmIWgVRFyIMQ5xv+UXmRE43ss:A+OXbxz8JWgg5Q5kemRR8s
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence