416e95226529d27e7704e4adc130df25a2648fcabffdb5d7f5c4692bded01709 | Triage

Sharing

General

Target

b2ffefbc048b080418182ec822662af7_JaffaCakes118
Size

43KB
Sample

240821-lvwvka1hqb
MD5

b2ffefbc048b080418182ec822662af7
SHA1

0105abeaa3ead3fb211b90ad26f9ba975d8635e8
SHA256

416e95226529d27e7704e4adc130df25a2648fcabffdb5d7f5c4692bded01709
SHA512

fe11bb2c960e14930550d6d63c3df0a96a4d2adb2d29bb915b0cdd74cafb614856141e837cc4a6fb2e1fa1f46007cf79ac2e45d354ff91708bc125061f4ef9c4
SSDEEP

768:Q1Hook7Rl3WHdSkB7BtrF1QR9AAui3ZvrqeeTd3G+:qIXtl3WHdSkpBtrF1iGAvZve53G

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  b2ffefbc048b080418182ec822662af7_JaffaCakes118
- Size
  
  43KB
- MD5
  
  b2ffefbc048b080418182ec822662af7
- SHA1
  
  0105abeaa3ead3fb211b90ad26f9ba975d8635e8
- SHA256
  
  416e95226529d27e7704e4adc130df25a2648fcabffdb5d7f5c4692bded01709
- SHA512
  
  fe11bb2c960e14930550d6d63c3df0a96a4d2adb2d29bb915b0cdd74cafb614856141e837cc4a6fb2e1fa1f46007cf79ac2e45d354ff91708bc125061f4ef9c4
- SSDEEP
  
  768:Q1Hook7Rl3WHdSkB7BtrF1QR9AAui3ZvrqeeTd3G+:qIXtl3WHdSkpBtrF1iGAvZve53G
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence