15e80fe05569cf04789d53bf2f9734a98b9eee3b3e3f799000c816d784e40552 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89b303a8b905877f39f2d3854226bea1_JaffaCakes118
Size

258KB
Sample

240811-khlndswfjb
MD5

89b303a8b905877f39f2d3854226bea1
SHA1

8d575e722ea0c2c8475c68ddda507a7349166900
SHA256

15e80fe05569cf04789d53bf2f9734a98b9eee3b3e3f799000c816d784e40552
SHA512

e00e76e348d1efd698888d1502f9da06f09e09a97781fc84261923d405cc676aa0bb93e8f4322a3a0655f4cf737a0f361191936e2dfa95d8ce666c033e1d6235
SSDEEP

3072:HFgNx7UOOrEHuOMwhvLqJhacw8kgrY1ymk2+oRVDqc9ZZIap1ak4yfeVMB0anXBQ:H6TOrEHJNUkgU5m0ZOMcCWw+PGlW

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  89b303a8b905877f39f2d3854226bea1_JaffaCakes118
- Size
  
  258KB
- MD5
  
  89b303a8b905877f39f2d3854226bea1
- SHA1
  
  8d575e722ea0c2c8475c68ddda507a7349166900
- SHA256
  
  15e80fe05569cf04789d53bf2f9734a98b9eee3b3e3f799000c816d784e40552
- SHA512
  
  e00e76e348d1efd698888d1502f9da06f09e09a97781fc84261923d405cc676aa0bb93e8f4322a3a0655f4cf737a0f361191936e2dfa95d8ce666c033e1d6235
- SSDEEP
  
  3072:HFgNx7UOOrEHuOMwhvLqJhacw8kgrY1ymk2+oRVDqc9ZZIap1ak4yfeVMB0anXBQ:H6TOrEHJNUkgU5m0ZOMcCWw+PGlW
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence