8d569fd43f00b7e277e5665c781c88252956a542525e9204f05020e800961b62 | Triage

Sharing

General

Target

c0630fa486eab503735b48d6b9f50928_JaffaCakes118
Size

68KB
Sample

240825-kxczssxepk
MD5

c0630fa486eab503735b48d6b9f50928
SHA1

e1ae200c9ae0966df4dfc23ec74241706f8d8cdd
SHA256

8d569fd43f00b7e277e5665c781c88252956a542525e9204f05020e800961b62
SHA512

c4d45c22dd30787aa0af48e940140fa1c40783e8f514538407d10370889fce39978f0517a592961549974d6ec5cee5b400e8b281d3f307f65b562bab1fcdea46
SSDEEP

768:BnX7Ag5YxnE+O1dh9EBnr5R+9LOZdU1paOFbMNXVlqf1zBmQzTGfmgyqaq:BnXsXEf1dzwnr5R6869yXmf1zwQVgva

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  c0630fa486eab503735b48d6b9f50928_JaffaCakes118
- Size
  
  68KB
- MD5
  
  c0630fa486eab503735b48d6b9f50928
- SHA1
  
  e1ae200c9ae0966df4dfc23ec74241706f8d8cdd
- SHA256
  
  8d569fd43f00b7e277e5665c781c88252956a542525e9204f05020e800961b62
- SHA512
  
  c4d45c22dd30787aa0af48e940140fa1c40783e8f514538407d10370889fce39978f0517a592961549974d6ec5cee5b400e8b281d3f307f65b562bab1fcdea46
- SSDEEP
  
  768:BnX7Ag5YxnE+O1dh9EBnr5R+9LOZdU1paOFbMNXVlqf1zBmQzTGfmgyqaq:BnXsXEf1dzwnr5R6869yXmf1zwQVgva
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence