5a0542db1a75fba616108b5adc9332573adf13fa7669cd64e78cce856d721a08 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bca8e0a4e0f5b1a173d891160d27033b_JaffaCakes118
Size

416KB
Sample

240823-wtsrma1clr
MD5

bca8e0a4e0f5b1a173d891160d27033b
SHA1

eaf92da3bfb0a9c4d4dac1c70f6cc85da8734ec4
SHA256

5a0542db1a75fba616108b5adc9332573adf13fa7669cd64e78cce856d721a08
SHA512

3ed54d8e07cdb9fa3db8036198354d9cffab692b463694e5c0ad2bfc9494d01418a59e28c23e9d4ec8bfe323eea44e93ce27412b057f45c581dfb187773ab248
SSDEEP

3072:vvR79TBFJkEJC64phd4fP649XaNlyHhEEDAZvvPTgeac2BoyyL7yFT:v3THBEEDqvbgeiXn

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  bca8e0a4e0f5b1a173d891160d27033b_JaffaCakes118
- Size
  
  416KB
- MD5
  
  bca8e0a4e0f5b1a173d891160d27033b
- SHA1
  
  eaf92da3bfb0a9c4d4dac1c70f6cc85da8734ec4
- SHA256
  
  5a0542db1a75fba616108b5adc9332573adf13fa7669cd64e78cce856d721a08
- SHA512
  
  3ed54d8e07cdb9fa3db8036198354d9cffab692b463694e5c0ad2bfc9494d01418a59e28c23e9d4ec8bfe323eea44e93ce27412b057f45c581dfb187773ab248
- SSDEEP
  
  3072:vvR79TBFJkEJC64phd4fP649XaNlyHhEEDAZvvPTgeac2BoyyL7yFT:v3THBEEDqvbgeiXn
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2