58d4c764eef8143bcbc448145548b6258859bd4c574cf5519fcde369abe32194 | Triage

Sharing

General

Target

964f1fca8a98243ef72d76ca672a6b29_JaffaCakes118
Size

401KB
Sample

240814-qwslrazcpq
MD5

964f1fca8a98243ef72d76ca672a6b29
SHA1

fd151989622d0b23c015a2bf422e63227cf79e06
SHA256

58d4c764eef8143bcbc448145548b6258859bd4c574cf5519fcde369abe32194
SHA512

618a3807718a1edb19138acf5418522b163d4fe3a5940c528d91751eab0fae2750b602af53de51f3e64528e6f79896c3d1bbabe9e881e8c8b16e4f8e92512340
SSDEEP

6144:E2vpXR8C9xMUWhYegAsGJk/cUrF1E10QZJ7gW6gTmC6aJseQiITqAy4a8XqMVyZ:5h8UoYegJGJkRjEDn7gi1KzzTVMMYZ

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  964f1fca8a98243ef72d76ca672a6b29_JaffaCakes118
- Size
  
  401KB
- MD5
  
  964f1fca8a98243ef72d76ca672a6b29
- SHA1
  
  fd151989622d0b23c015a2bf422e63227cf79e06
- SHA256
  
  58d4c764eef8143bcbc448145548b6258859bd4c574cf5519fcde369abe32194
- SHA512
  
  618a3807718a1edb19138acf5418522b163d4fe3a5940c528d91751eab0fae2750b602af53de51f3e64528e6f79896c3d1bbabe9e881e8c8b16e4f8e92512340
- SSDEEP
  
  6144:E2vpXR8C9xMUWhYegAsGJk/cUrF1E10QZJ7gW6gTmC6aJseQiITqAy4a8XqMVyZ:5h8UoYegJGJkRjEDn7gi1KzzTVMMYZ
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence