f5b44d76655612ce025a2cabb42760cffc0e8590a1694c5334cb5c7aa1ba2841 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dddf4a3b277460142e550f7a8f03b249_JaffaCakes118
Size

61KB
Sample

240913-hcypnayhkq
MD5

dddf4a3b277460142e550f7a8f03b249
SHA1

83da791d7fd1afa76c31fdd628ba6667d5c5559f
SHA256

f5b44d76655612ce025a2cabb42760cffc0e8590a1694c5334cb5c7aa1ba2841
SHA512

61b8e410d138ee24e273dbb3ffb182e82158bba47538f881c9d92c646e411e32c963f58f5511e3eb03c79ffd884cf38aa8fe354e51f9364af69eb14c693f37d2
SSDEEP

1536:GeDxxOPsmbEtaFhpwQGNQOQKXtUOVQpH/hwzFeM3/kn:GixMEV8wQAQOQKX+4QpmFtsn

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  dddf4a3b277460142e550f7a8f03b249_JaffaCakes118
- Size
  
  61KB
- MD5
  
  dddf4a3b277460142e550f7a8f03b249
- SHA1
  
  83da791d7fd1afa76c31fdd628ba6667d5c5559f
- SHA256
  
  f5b44d76655612ce025a2cabb42760cffc0e8590a1694c5334cb5c7aa1ba2841
- SHA512
  
  61b8e410d138ee24e273dbb3ffb182e82158bba47538f881c9d92c646e411e32c963f58f5511e3eb03c79ffd884cf38aa8fe354e51f9364af69eb14c693f37d2
- SSDEEP
  
  1536:GeDxxOPsmbEtaFhpwQGNQOQKXtUOVQpH/hwzFeM3/kn:GixMEV8wQAQOQKX+4QpmFtsn
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence