701337aeec59e62e19324ccd027966fc6f09134fbcb8ea8fcc60db96b294d84a | Triage

Sharing

General

Target

d0563cb3c7aa6d5ee73edfa2acdb8ab1_JaffaCakes118
Size

13.6MB
Sample

240906-ykhamsvdnk
MD5

d0563cb3c7aa6d5ee73edfa2acdb8ab1
SHA1

7572c995926524332c81a64682cf21bda26a83b2
SHA256

701337aeec59e62e19324ccd027966fc6f09134fbcb8ea8fcc60db96b294d84a
SHA512

46ca58ff0bcc22a4e58f1211413cba331f136f397e280e00b67cb6300242b0c55783ab0d0dc73d3d6e7dfb79ad1725eacdea9384ae2eedf121a1acb56922bdd5
SSDEEP

192:c2/2VgqKGxmQtAy2dNQOa099GfsvYgmhT9zHJxhlQtAwimP1oyG+Ra4:c2/vg0xlGHjRNvQtAjQ14+l

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  d0563cb3c7aa6d5ee73edfa2acdb8ab1_JaffaCakes118
- Size
  
  13.6MB
- MD5
  
  d0563cb3c7aa6d5ee73edfa2acdb8ab1
- SHA1
  
  7572c995926524332c81a64682cf21bda26a83b2
- SHA256
  
  701337aeec59e62e19324ccd027966fc6f09134fbcb8ea8fcc60db96b294d84a
- SHA512
  
  46ca58ff0bcc22a4e58f1211413cba331f136f397e280e00b67cb6300242b0c55783ab0d0dc73d3d6e7dfb79ad1725eacdea9384ae2eedf121a1acb56922bdd5
- SSDEEP
  
  192:c2/2VgqKGxmQtAy2dNQOa099GfsvYgmhT9zHJxhlQtAwimP1oyG+Ra4:c2/vg0xlGHjRNvQtAjQ14+l
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence