12be3d4cb83619755aac7075b20a46a2eae9a3ebd9adc7bb73716af1ade27977 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3382c1a52dfff30d6fc08aa7976c7a4_JaffaCakes118
Size

571KB
Sample

240817-tl1fdsxcrn
MD5

a3382c1a52dfff30d6fc08aa7976c7a4
SHA1

29f4079f9be93d08242a1ec1f73bedfb64a7c716
SHA256

12be3d4cb83619755aac7075b20a46a2eae9a3ebd9adc7bb73716af1ade27977
SHA512

9f2e675a58b59f9f42821fcf4450060faa34101dea66d43cbda523be6efb2cf90118981d576005730a154100b11eb642d8c0b3b75a57de06f4f32216dcacde83
SSDEEP

12288:vXdSljCdooqiAbwB5kQ2H6bhk2LWEX7MtJbNWx3t:gwdop3wDkQs6dkpEXgbRWZt

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  a3382c1a52dfff30d6fc08aa7976c7a4_JaffaCakes118
- Size
  
  571KB
- MD5
  
  a3382c1a52dfff30d6fc08aa7976c7a4
- SHA1
  
  29f4079f9be93d08242a1ec1f73bedfb64a7c716
- SHA256
  
  12be3d4cb83619755aac7075b20a46a2eae9a3ebd9adc7bb73716af1ade27977
- SHA512
  
  9f2e675a58b59f9f42821fcf4450060faa34101dea66d43cbda523be6efb2cf90118981d576005730a154100b11eb642d8c0b3b75a57de06f4f32216dcacde83
- SSDEEP
  
  12288:vXdSljCdooqiAbwB5kQ2H6bhk2LWEX7MtJbNWx3t:gwdop3wDkQs6dkpEXgbRWZt
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence