94db2b706707b8116b5962fcdc2c15f3223e9c4159bc72c2190f516d4ad9705d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02e1a2db042879033938778ef95d3e9d_JaffaCakes118
Size

243KB
Sample

240727-3w9lgsvhrn
MD5

02e1a2db042879033938778ef95d3e9d
SHA1

109594736d73012b218d2893934ecf9f4a32a48f
SHA256

94db2b706707b8116b5962fcdc2c15f3223e9c4159bc72c2190f516d4ad9705d
SHA512

ed3712b9bee46c0f02affe74334773fc17a213214e4b91e1b79396c51268d40fc2d633536109cc31e962662477e3635ac868a49dc32e4719cfc94d3e2e1ed62e
SSDEEP

6144:Je2e91qhyg2LUheybf88b4+OKZ7N0r/U/CYMysT:JzePqhydoheKf88bjZRxwT

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  02e1a2db042879033938778ef95d3e9d_JaffaCakes118
- Size
  
  243KB
- MD5
  
  02e1a2db042879033938778ef95d3e9d
- SHA1
  
  109594736d73012b218d2893934ecf9f4a32a48f
- SHA256
  
  94db2b706707b8116b5962fcdc2c15f3223e9c4159bc72c2190f516d4ad9705d
- SHA512
  
  ed3712b9bee46c0f02affe74334773fc17a213214e4b91e1b79396c51268d40fc2d633536109cc31e962662477e3635ac868a49dc32e4719cfc94d3e2e1ed62e
- SSDEEP
  
  6144:Je2e91qhyg2LUheybf88b4+OKZ7N0r/U/CYMysT:JzePqhydoheKf88bjZRxwT
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence