777bda933889849eabeced11f1e545cb7f74cfb2139567ca6282f1f0903310cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df6afd22c123520768ceb5fa00d77011_JaffaCakes118
Size

34KB
Sample

240914-d6tkksvdnp
MD5

df6afd22c123520768ceb5fa00d77011
SHA1

c4443e03e40b06f9560be46853a4976a330da998
SHA256

777bda933889849eabeced11f1e545cb7f74cfb2139567ca6282f1f0903310cc
SHA512

624f21ce15f2f87ffa1fa6f0bd294091dfa569d7fd46a2d2becc12209f2dfc21a47736a6b09677d2d14e771cee911be5fec7e24a484ede278e06ce2f23680c87
SSDEEP

768:EF9wCA1f/KSE/7fE8aFbh2dqLUgvL89WrsSd6+U/v:EkCA1fiS27qFbhaqLUyL8IrsSd6/v

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  df6afd22c123520768ceb5fa00d77011_JaffaCakes118
- Size
  
  34KB
- MD5
  
  df6afd22c123520768ceb5fa00d77011
- SHA1
  
  c4443e03e40b06f9560be46853a4976a330da998
- SHA256
  
  777bda933889849eabeced11f1e545cb7f74cfb2139567ca6282f1f0903310cc
- SHA512
  
  624f21ce15f2f87ffa1fa6f0bd294091dfa569d7fd46a2d2becc12209f2dfc21a47736a6b09677d2d14e771cee911be5fec7e24a484ede278e06ce2f23680c87
- SSDEEP
  
  768:EF9wCA1f/KSE/7fE8aFbh2dqLUgvL89WrsSd6+U/v:EkCA1fiS27qFbhaqLUyL8IrsSd6/v
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2