dec109b879e2ce39464d7deab798eb8aceb3f58c9583052c87dc693c97652409 | Triage

Sharing

General

Target

aa132ef10f213a83b8edfde6546ca3af_JaffaCakes118
Size

432KB
Sample

240819-h2e9ls1apb
MD5

aa132ef10f213a83b8edfde6546ca3af
SHA1

e5bc652a0d468677e7e4edceb75a8b9c458acdbf
SHA256

dec109b879e2ce39464d7deab798eb8aceb3f58c9583052c87dc693c97652409
SHA512

1391a67cd80151ad54129a5c0271c658dad6bc15f47cea9024bb43cd1bf4bfde3289fa2041ef366d3e58d6dac67304b6de193b163bc9a8682911e259436bcbd5
SSDEEP

12288:QkCdyiaajRf8EQ9TfTL+VWmQYeFe68ID/B3Se:Q9R+Q2e6jh9

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  aa132ef10f213a83b8edfde6546ca3af_JaffaCakes118
- Size
  
  432KB
- MD5
  
  aa132ef10f213a83b8edfde6546ca3af
- SHA1
  
  e5bc652a0d468677e7e4edceb75a8b9c458acdbf
- SHA256
  
  dec109b879e2ce39464d7deab798eb8aceb3f58c9583052c87dc693c97652409
- SHA512
  
  1391a67cd80151ad54129a5c0271c658dad6bc15f47cea9024bb43cd1bf4bfde3289fa2041ef366d3e58d6dac67304b6de193b163bc9a8682911e259436bcbd5
- SSDEEP
  
  12288:QkCdyiaajRf8EQ9TfTL+VWmQYeFe68ID/B3Se:Q9R+Q2e6jh9
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence