e70b4babe583dadf429e82e71687b6eeb90f8e8856bcd9fccba23d30b4a9e405 | Triage

Sharing

General

Target

d01951844301c5386f6b9be138dbe917_JaffaCakes118
Size

234KB
Sample

240906-v9fxbszdrg
MD5

d01951844301c5386f6b9be138dbe917
SHA1

a79d518cb82485778bfdc593b0efefc785049afc
SHA256

e70b4babe583dadf429e82e71687b6eeb90f8e8856bcd9fccba23d30b4a9e405
SHA512

afcacdddcb45bcebd365973b33a57e385f957840412fdb80a28f17279f7c57d744623fa1a5062124776742b11451b466df5e0a13976ec3a758a075bb00203774
SSDEEP

3072:GIHAFtwFfbsoy/Dogae9ToxUfZVdPDZpOh5OYEPcC4lHSBHX8/HKFWgsveQsWt8e:ljsoODI1I3Pr0GUC41cHMvKFyve5WHR

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  d01951844301c5386f6b9be138dbe917_JaffaCakes118
- Size
  
  234KB
- MD5
  
  d01951844301c5386f6b9be138dbe917
- SHA1
  
  a79d518cb82485778bfdc593b0efefc785049afc
- SHA256
  
  e70b4babe583dadf429e82e71687b6eeb90f8e8856bcd9fccba23d30b4a9e405
- SHA512
  
  afcacdddcb45bcebd365973b33a57e385f957840412fdb80a28f17279f7c57d744623fa1a5062124776742b11451b466df5e0a13976ec3a758a075bb00203774
- SSDEEP
  
  3072:GIHAFtwFfbsoy/Dogae9ToxUfZVdPDZpOh5OYEPcC4lHSBHX8/HKFWgsveQsWt8e:ljsoODI1I3Pr0GUC41cHMvKFyve5WHR
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2