622f52307bf7f08b6f5cacff8fe20ec6451d817ddd2f21af219654a9c6585192 | Triage

Sharing

General

Target

a8e360597222a5a51c6ad6979be0c41c_JaffaCakes118
Size

53KB
Sample

240819-a2swpsvamd
MD5

a8e360597222a5a51c6ad6979be0c41c
SHA1

733321bcda22a4403857d8e45a382de88af8a5c5
SHA256

622f52307bf7f08b6f5cacff8fe20ec6451d817ddd2f21af219654a9c6585192
SHA512

cd5a7cbf9645febe5b59747be57eed5ce65c0aeac1dcd2fc53b41b0860329ed8f34c44309a0557d49f7e880b7b7fcd19c1dc23fb041fc9282e632291392f7d00
SSDEEP

1536:F1qPFKNG2EhJtb5169H4QVVsssonrkC4LvQW74DAB9rp4yZhw40+:OPFEKhzbm4exWvQWhB9+S8+

Score

7^/10

defense_evasion persistence

Malware Config

Targets

- Target
  
  a8e360597222a5a51c6ad6979be0c41c_JaffaCakes118
- Size
  
  53KB
- MD5
  
  a8e360597222a5a51c6ad6979be0c41c
- SHA1
  
  733321bcda22a4403857d8e45a382de88af8a5c5
- SHA256
  
  622f52307bf7f08b6f5cacff8fe20ec6451d817ddd2f21af219654a9c6585192
- SHA512
  
  cd5a7cbf9645febe5b59747be57eed5ce65c0aeac1dcd2fc53b41b0860329ed8f34c44309a0557d49f7e880b7b7fcd19c1dc23fb041fc9282e632291392f7d00
- SSDEEP
  
  1536:F1qPFKNG2EhJtb5169H4QVVsssonrkC4LvQW74DAB9rp4yZhw40+:OPFEKhzbm4exWvQWhB9+S8+
Score

7^/10

defense_evasion persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionpersistence

behavioral2