General
-
Target
9732d4a09a25e267f18c702bb07dfaf8_JaffaCakes118
-
Size
19KB
-
Sample
240814-w63scsxcjf
-
MD5
9732d4a09a25e267f18c702bb07dfaf8
-
SHA1
4fc8f8521f80536defc84e061383d81ed38f9eee
-
SHA256
aa84b83e254dae278cff3886333538db6fbc2f044fd0fde09fef396f0fa7e1b8
-
SHA512
46d71c62cadbf3c71fc6eee9154e056c4798c0eff82bb8a3b5c917356b856b4a9f5ba0ec1ef5529b48d9fd9ad7f7d553ce7083aaa16e59c21915ef5f389df56d
-
SSDEEP
384:fFmTR9CRTZRojay++/qgQPFVvO55bU2ccw9H4KFEF:fFmTRgT02fgU/vOTbVU9H4MU
Malware Config
Targets
-
-
Target
9732d4a09a25e267f18c702bb07dfaf8_JaffaCakes118
-
Size
19KB
-
MD5
9732d4a09a25e267f18c702bb07dfaf8
-
SHA1
4fc8f8521f80536defc84e061383d81ed38f9eee
-
SHA256
aa84b83e254dae278cff3886333538db6fbc2f044fd0fde09fef396f0fa7e1b8
-
SHA512
46d71c62cadbf3c71fc6eee9154e056c4798c0eff82bb8a3b5c917356b856b4a9f5ba0ec1ef5529b48d9fd9ad7f7d553ce7083aaa16e59c21915ef5f389df56d
-
SSDEEP
384:fFmTR9CRTZRojay++/qgQPFVvO55bU2ccw9H4KFEF:fFmTRgT02fgU/vOTbVU9H4MU
Score10/10-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-