General
-
Target
76f4f709a5404fa5990635b4d823ac38_JaffaCakes118
-
Size
342KB
-
Sample
240727-egdcqsyeld
-
MD5
76f4f709a5404fa5990635b4d823ac38
-
SHA1
12b78b2455a0fa04f13658a2b1d23304a7f19a43
-
SHA256
e08e6780ab0ddc15fe29497d01931eef3d16bc304982a34e923267810396a9ce
-
SHA512
23068375bf12e8269cf522299a2d777bf965ef5444d8bb0d92961cf2c8a862dd327dce28b89b3bcb4833d58f8262d2beb2e597c9c0232822dffc67b8be99ff00
-
SSDEEP
6144:WRqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4ykpGAen:mqmpplpGoGL3etQoMiXM8gxf/Sj4ykod
Malware Config
Targets
-
-
Target
76f4f709a5404fa5990635b4d823ac38_JaffaCakes118
-
Size
342KB
-
MD5
76f4f709a5404fa5990635b4d823ac38
-
SHA1
12b78b2455a0fa04f13658a2b1d23304a7f19a43
-
SHA256
e08e6780ab0ddc15fe29497d01931eef3d16bc304982a34e923267810396a9ce
-
SHA512
23068375bf12e8269cf522299a2d777bf965ef5444d8bb0d92961cf2c8a862dd327dce28b89b3bcb4833d58f8262d2beb2e597c9c0232822dffc67b8be99ff00
-
SSDEEP
6144:WRqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4ykpGAen:mqmpplpGoGL3etQoMiXM8gxf/Sj4ykod
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2