a7ccb40c0b778ee59f3c936d4aa2e4fefe72de062e65c31d7a8c9dcd0fc0ca3b | Triage

Sharing

General

Target

ba5b9664375493e71ed0e8b393aaaf0f_JaffaCakes118
Size

202KB
Sample

240823-e21c1avfpc
MD5

ba5b9664375493e71ed0e8b393aaaf0f
SHA1

cc7cd2085c141a9ecdb023fc969da32aaea3b63e
SHA256

a7ccb40c0b778ee59f3c936d4aa2e4fefe72de062e65c31d7a8c9dcd0fc0ca3b
SHA512

cc65bf131f0df891e65a8447f87b6b626035f6c3617fdc306593e0eb2b765d2f38c571efed25e7c208299238d88d76cae30bd19893e705479e6cf4e165befcb8
SSDEEP

6144:PFP2x9+EkFBOg3S1/hHpa1ZYe0Es/YdDMZjnq4hy9F:P0+C3Hw1ZYe0Es/qMJq4Y9F

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ba5b9664375493e71ed0e8b393aaaf0f_JaffaCakes118
- Size
  
  202KB
- MD5
  
  ba5b9664375493e71ed0e8b393aaaf0f
- SHA1
  
  cc7cd2085c141a9ecdb023fc969da32aaea3b63e
- SHA256
  
  a7ccb40c0b778ee59f3c936d4aa2e4fefe72de062e65c31d7a8c9dcd0fc0ca3b
- SHA512
  
  cc65bf131f0df891e65a8447f87b6b626035f6c3617fdc306593e0eb2b765d2f38c571efed25e7c208299238d88d76cae30bd19893e705479e6cf4e165befcb8
- SSDEEP
  
  6144:PFP2x9+EkFBOg3S1/hHpa1ZYe0Es/YdDMZjnq4hy9F:P0+C3Hw1ZYe0Es/qMJq4Y9F
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2