d09224cba766da2b3d96035b2546a0b2551625d082ac9ed6c406db9d812f8e64 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ec3e3bbe0b67b005072d0fdd39e35e9_JaffaCakes118
Size

276KB
Sample

240812-prfkys1elj
MD5

8ec3e3bbe0b67b005072d0fdd39e35e9
SHA1

6e6ee8039d684142dbf430cb92bdf4445764dba4
SHA256

d09224cba766da2b3d96035b2546a0b2551625d082ac9ed6c406db9d812f8e64
SHA512

80e9713a181ec794ca49a0a9d14cebfdea5ec68897c1f507f3f3b3bec84a2de63b3aaad7a520dc191d74a0588342e75e73d3f1c25278d2e268d6d0092600af74
SSDEEP

1536:6oaxhd8RYrUwvd0Iunhb8lMrYs01foOrGzLZwMpRg7HuuKt9JplLDBk44/hwwza7:6oaDxYud0IunhbpV1OIzpRwajBtHumT

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  8ec3e3bbe0b67b005072d0fdd39e35e9_JaffaCakes118
- Size
  
  276KB
- MD5
  
  8ec3e3bbe0b67b005072d0fdd39e35e9
- SHA1
  
  6e6ee8039d684142dbf430cb92bdf4445764dba4
- SHA256
  
  d09224cba766da2b3d96035b2546a0b2551625d082ac9ed6c406db9d812f8e64
- SHA512
  
  80e9713a181ec794ca49a0a9d14cebfdea5ec68897c1f507f3f3b3bec84a2de63b3aaad7a520dc191d74a0588342e75e73d3f1c25278d2e268d6d0092600af74
- SSDEEP
  
  1536:6oaxhd8RYrUwvd0Iunhb8lMrYs01foOrGzLZwMpRg7HuuKt9JplLDBk44/hwwza7:6oaDxYud0IunhbpV1OIzpRwajBtHumT
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence