c9f091eefe4f0018d83814bc52b656d8c7b7ae646bd57067115d8efd57d103e8 | Triage

Sharing

General

Target

b04dff1e33599ca8cdc2d2acbcbbc583_JaffaCakes118
Size

329KB
Sample

240820-wvs4sazfpk
MD5

b04dff1e33599ca8cdc2d2acbcbbc583
SHA1

ff6e190803811def3389747e307c89dab02e51ff
SHA256

c9f091eefe4f0018d83814bc52b656d8c7b7ae646bd57067115d8efd57d103e8
SHA512

9b04c80dcbf64624da8b69d3b778e11b8a486282a34abcd3a1229ec6c8a095b995a163ea63522955b03eaa60286c111f8ebeea9653b8b0e66da53e425902397a
SSDEEP

6144:CJTjc7Ix6gspWrkLDj9ivMFiEcL4FQpSpxtCIwLRjdBug6:Cq7+JspWwD5KMFiL4F64tCIwLRjfug6

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  b04dff1e33599ca8cdc2d2acbcbbc583_JaffaCakes118
- Size
  
  329KB
- MD5
  
  b04dff1e33599ca8cdc2d2acbcbbc583
- SHA1
  
  ff6e190803811def3389747e307c89dab02e51ff
- SHA256
  
  c9f091eefe4f0018d83814bc52b656d8c7b7ae646bd57067115d8efd57d103e8
- SHA512
  
  9b04c80dcbf64624da8b69d3b778e11b8a486282a34abcd3a1229ec6c8a095b995a163ea63522955b03eaa60286c111f8ebeea9653b8b0e66da53e425902397a
- SSDEEP
  
  6144:CJTjc7Ix6gspWrkLDj9ivMFiEcL4FQpSpxtCIwLRjdBug6:Cq7+JspWwD5KMFiL4F64tCIwLRjfug6
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence