7b30e67e2cf9431101608566c9121d3ce73ed3af55c66efac28c42823538b470 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a81fed548ede57ba94e14b3f979de5fc_JaffaCakes118
Size

304KB
Sample

240818-zezs6sshlc
MD5

a81fed548ede57ba94e14b3f979de5fc
SHA1

882f64a474daef7f454c97706978903050e18cbf
SHA256

7b30e67e2cf9431101608566c9121d3ce73ed3af55c66efac28c42823538b470
SHA512

dace8d918f0e164d6cd11f28d9e2be49e537f34642366a8c49f72c8003956f4e7c72bc0e97e7f0f734ea41e958a29eb6665e7d1dc4272e8391bc620795a1fd66
SSDEEP

1536:Vvf1zwQVgQJtdL9uTe/lWFhvzC8k8nChO1QpEcf1zwQVgvJXi+:Vn1zwLQ/Z9uTe4hvbk8ntQpE81zwLvJ

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  a81fed548ede57ba94e14b3f979de5fc_JaffaCakes118
- Size
  
  304KB
- MD5
  
  a81fed548ede57ba94e14b3f979de5fc
- SHA1
  
  882f64a474daef7f454c97706978903050e18cbf
- SHA256
  
  7b30e67e2cf9431101608566c9121d3ce73ed3af55c66efac28c42823538b470
- SHA512
  
  dace8d918f0e164d6cd11f28d9e2be49e537f34642366a8c49f72c8003956f4e7c72bc0e97e7f0f734ea41e958a29eb6665e7d1dc4272e8391bc620795a1fd66
- SSDEEP
  
  1536:Vvf1zwQVgQJtdL9uTe/lWFhvzC8k8nChO1QpEcf1zwQVgvJXi+:Vn1zwLQ/Z9uTe4hvbk8ntQpE81zwLvJ
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence