General
-
Target
a68a7ab925e4b20b7e374eb6409d2623_JaffaCakes118
-
Size
17KB
-
Sample
240818-m7hn5stemj
-
MD5
a68a7ab925e4b20b7e374eb6409d2623
-
SHA1
01fbea1a7c75fad4cb3e247f6f1450ec4cec9d8f
-
SHA256
157d78f7d2f6e6dd034cba7f8c368e90897ec0d7879208f325bf2e3545d47f62
-
SHA512
57a6b851884de9166ea082cd7e650d7c3ee0a0db1ab2f658919c80454f6cd8d64fcb013b9d3aa2a88339b232b06db664bd069ff0fd733198d7c1a5ea2027d904
-
SSDEEP
384:FilFiNQQxuh2oBRhfUDsWgYqjfunkyXDue5VTbi:FilFrIyUgW/qrunnXDT5Vbi
Static task
static1
Behavioral task
behavioral1
Sample
a68a7ab925e4b20b7e374eb6409d2623_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a68a7ab925e4b20b7e374eb6409d2623_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
a68a7ab925e4b20b7e374eb6409d2623_JaffaCakes118
Score
10/10
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-