be8b2192fa35e7e858f75924b4975847db1becbe31af40b6a98eb6e289a97d1c | Triage

Sharing

General

Target

bff9174445b232f80f7e3bb6b037a680_JaffaCakes118
Size

48KB
Sample

240825-fbs2nsvfma
MD5

bff9174445b232f80f7e3bb6b037a680
SHA1

6a5b756eea932fc29fc8d517c95a195a82b32344
SHA256

be8b2192fa35e7e858f75924b4975847db1becbe31af40b6a98eb6e289a97d1c
SHA512

e59db224f6f41b672f64f20b63a1495f8f0add721935fb18dad9366ae94e3d15118ff397a1ca6f543031157d26e1d765a358cf19dd0dda27007f677903672ae4
SSDEEP

768:Qj/i1l8iI4PciLB90t66NY7IEThzuaP31zE2Q0+cZ0ifFeRyPQ8IuzMQ:f1l8iFz/PTj31zPQ80AoleM

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  bff9174445b232f80f7e3bb6b037a680_JaffaCakes118
- Size
  
  48KB
- MD5
  
  bff9174445b232f80f7e3bb6b037a680
- SHA1
  
  6a5b756eea932fc29fc8d517c95a195a82b32344
- SHA256
  
  be8b2192fa35e7e858f75924b4975847db1becbe31af40b6a98eb6e289a97d1c
- SHA512
  
  e59db224f6f41b672f64f20b63a1495f8f0add721935fb18dad9366ae94e3d15118ff397a1ca6f543031157d26e1d765a358cf19dd0dda27007f677903672ae4
- SSDEEP
  
  768:Qj/i1l8iI4PciLB90t66NY7IEThzuaP31zE2Q0+cZ0ifFeRyPQ8IuzMQ:f1l8iFz/PTj31zPQ80AoleM
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence