4f38bd7e243d09dbe6f391bdff72bb39634f47edd76c2e746e006c4474271a25 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

827ea4ccc49473ee12065e1c8b72024a_JaffaCakes118
Size

80KB
Sample

240802-bq89zsxbqj
MD5

827ea4ccc49473ee12065e1c8b72024a
SHA1

0b89f20611021326debe4a8d9b15084df7a26bd1
SHA256

4f38bd7e243d09dbe6f391bdff72bb39634f47edd76c2e746e006c4474271a25
SHA512

2d5b6eb71959012a65c2a331df099510b7573115f568ce5e5eb4f521fc51a2b01df52924ebfb77f90dbd55b4bfcb900cd96260f6f04c6ed744c6d8fa190e84c7
SSDEEP

1536:/70spVbfKv2DHEv+x31yrwbPa5Gh2MjQpk6wZEaRhdsRRII:/VK+bEv+1bPa5K2MjMk6wZEajKII

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  827ea4ccc49473ee12065e1c8b72024a_JaffaCakes118
- Size
  
  80KB
- MD5
  
  827ea4ccc49473ee12065e1c8b72024a
- SHA1
  
  0b89f20611021326debe4a8d9b15084df7a26bd1
- SHA256
  
  4f38bd7e243d09dbe6f391bdff72bb39634f47edd76c2e746e006c4474271a25
- SHA512
  
  2d5b6eb71959012a65c2a331df099510b7573115f568ce5e5eb4f521fc51a2b01df52924ebfb77f90dbd55b4bfcb900cd96260f6f04c6ed744c6d8fa190e84c7
- SSDEEP
  
  1536:/70spVbfKv2DHEv+x31yrwbPa5Gh2MjQpk6wZEaRhdsRRII:/VK+bEv+1bPa5K2MjMk6wZEajKII
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence