3aa8fa79a4dabff6d013824fd793f1e5d2d502d9d5f00e1308f6b2a1a81534d3 | Triage

Sharing

General

Target

bbf7f6a884c9097a28a711d8c3d6aaa8_JaffaCakes118
Size

284KB
Sample

240823-q1f4hsxcpa
MD5

bbf7f6a884c9097a28a711d8c3d6aaa8
SHA1

04e5a05f9365c425a644c2e9f15ba5bf05e9b5aa
SHA256

3aa8fa79a4dabff6d013824fd793f1e5d2d502d9d5f00e1308f6b2a1a81534d3
SHA512

cb69e18e44f775b01b1ec7bb66087fe68ec6f6b3c5459ecad76e04098e3d366003fac0f8d7e39403a722e6cc5cd90c3c2f72d5f3005f965c9ea798016f61fd0e
SSDEEP

384:weU8UGbu7QwvIHfNZaB5fR8iuhVKZH1JqDA1n5DU4uWUl:weaAu77I/6BlR8i2VKZVJD1nZVuL

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  bbf7f6a884c9097a28a711d8c3d6aaa8_JaffaCakes118
- Size
  
  284KB
- MD5
  
  bbf7f6a884c9097a28a711d8c3d6aaa8
- SHA1
  
  04e5a05f9365c425a644c2e9f15ba5bf05e9b5aa
- SHA256
  
  3aa8fa79a4dabff6d013824fd793f1e5d2d502d9d5f00e1308f6b2a1a81534d3
- SHA512
  
  cb69e18e44f775b01b1ec7bb66087fe68ec6f6b3c5459ecad76e04098e3d366003fac0f8d7e39403a722e6cc5cd90c3c2f72d5f3005f965c9ea798016f61fd0e
- SSDEEP
  
  384:weU8UGbu7QwvIHfNZaB5fR8iuhVKZH1JqDA1n5DU4uWUl:weaAu77I/6BlR8i2VKZVJD1nZVuL
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence