29347326a68d31fc25babfa14c0a2791eec1b362173883d12b2af7e98583e3f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d125cefc3e51bf1117920674ab5a405eJaffaCakes118
Size

94KB
Sample

240907-pfw4katfjn
MD5

d125cefc3e51bf1117920674ab5a405e
SHA1

0db2242860bb44bc6dea1546edea1d0db9fc7349
SHA256

29347326a68d31fc25babfa14c0a2791eec1b362173883d12b2af7e98583e3f3
SHA512

88693fe105017b55424826486a690cd16a898d1dd933c5cc09066940c46d0c1c3716c5ed77d48308d9d58e298fb83b13f4183ed43432e5e629278f5279c6396c
SSDEEP

1536:ciSf1sDC/DZPsAbEq+mSDy2xMSpVPQ7Okgas6pI+8VtWhhke5MXr7a0wAmAk:JSfdDZjYqb1O8sSuGIXrR

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  d125cefc3e51bf1117920674ab5a405eJaffaCakes118
- Size
  
  94KB
- MD5
  
  d125cefc3e51bf1117920674ab5a405e
- SHA1
  
  0db2242860bb44bc6dea1546edea1d0db9fc7349
- SHA256
  
  29347326a68d31fc25babfa14c0a2791eec1b362173883d12b2af7e98583e3f3
- SHA512
  
  88693fe105017b55424826486a690cd16a898d1dd933c5cc09066940c46d0c1c3716c5ed77d48308d9d58e298fb83b13f4183ed43432e5e629278f5279c6396c
- SSDEEP
  
  1536:ciSf1sDC/DZPsAbEq+mSDy2xMSpVPQ7Okgas6pI+8VtWhhke5MXr7a0wAmAk:JSfdDZjYqb1O8sSuGIXrR
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence