df0aa7ad4f4798914698260f7098430fa433194eb0637a85853dd763ee2f78d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2c20aaaec3dc12f37d19855a9c5dd99_JaffaCakes118
Size

46KB
Sample

240907-y3g3lavgpf
MD5

d2c20aaaec3dc12f37d19855a9c5dd99
SHA1

6e04ae0f14f18d902b59bb93b2a2f0cdccd8fb11
SHA256

df0aa7ad4f4798914698260f7098430fa433194eb0637a85853dd763ee2f78d8
SHA512

958d2689e8f4821505912c82a3fcb9f66819c382506725fa0dd8510e97fe733b0d6d0c49453ecf159576d87acb5b14c78459f60e0c533d43842f600af86ac843
SSDEEP

768:HLAlWE7nUjVsbOYpMkT7CPWkI+8cUmzqdsMX/wuUlF4LXd9H8fMp6sr+Q3wSqart:H5E7Ujub9h6VKcUeCsEUly8fKX+Q3wSE

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  d2c20aaaec3dc12f37d19855a9c5dd99_JaffaCakes118
- Size
  
  46KB
- MD5
  
  d2c20aaaec3dc12f37d19855a9c5dd99
- SHA1
  
  6e04ae0f14f18d902b59bb93b2a2f0cdccd8fb11
- SHA256
  
  df0aa7ad4f4798914698260f7098430fa433194eb0637a85853dd763ee2f78d8
- SHA512
  
  958d2689e8f4821505912c82a3fcb9f66819c382506725fa0dd8510e97fe733b0d6d0c49453ecf159576d87acb5b14c78459f60e0c533d43842f600af86ac843
- SSDEEP
  
  768:HLAlWE7nUjVsbOYpMkT7CPWkI+8cUmzqdsMX/wuUlF4LXd9H8fMp6sr+Q3wSqart:H5E7Ujub9h6VKcUeCsEUly8fKX+Q3wSE
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence