81ac9c2c4448586c64cd8b98bdfec6289c2e5622a273daf3f59acb208b93bb27 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d65b826edc85b0ea3a34970e591a8287_JaffaCakes118
Size

470KB
Sample

240909-p6tfcsyfln
MD5

d65b826edc85b0ea3a34970e591a8287
SHA1

d764f35b9e134423a46083749472416968166282
SHA256

81ac9c2c4448586c64cd8b98bdfec6289c2e5622a273daf3f59acb208b93bb27
SHA512

87e83abf2f19c7bce338dc55336e415edaeff6f518a3426998779507cb6a7e2070e2ad877e4f74cabeb6792349bd686f2ccfd54631fd5612292bd8f9ef3fb935
SSDEEP

12288:iuyyotW0qcmgXCnpH/BwiM9OMQL/9VUQ3ZCQxa:Uyotjqayn7wiM9OMQ5VUMZLI

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  d65b826edc85b0ea3a34970e591a8287_JaffaCakes118
- Size
  
  470KB
- MD5
  
  d65b826edc85b0ea3a34970e591a8287
- SHA1
  
  d764f35b9e134423a46083749472416968166282
- SHA256
  
  81ac9c2c4448586c64cd8b98bdfec6289c2e5622a273daf3f59acb208b93bb27
- SHA512
  
  87e83abf2f19c7bce338dc55336e415edaeff6f518a3426998779507cb6a7e2070e2ad877e4f74cabeb6792349bd686f2ccfd54631fd5612292bd8f9ef3fb935
- SSDEEP
  
  12288:iuyyotW0qcmgXCnpH/BwiM9OMQL/9VUQ3ZCQxa:Uyotjqayn7wiM9OMQ5VUMZLI
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence