4478d2de4944a243a016f594f31f05f94e4d7caab220cc52cd8b0366afcc60cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0c69b98190cbab01e064bfbedf984c5_JaffaCakes118
Size

45KB
Sample

240914-w34v9ayfmc
MD5

e0c69b98190cbab01e064bfbedf984c5
SHA1

d6fbefa903691f9f8d170048fbcebbeb837e7207
SHA256

4478d2de4944a243a016f594f31f05f94e4d7caab220cc52cd8b0366afcc60cc
SHA512

cdee840e6c447d627fcbf0863544862b06391153d54edcb695bc6cd74129230876e4a6312a9970f7029054bd38fe450981d153ae9077283b8f4980058389cb9e
SSDEEP

192:6cNhCefrVvNzFCTr312vkWl92NGossJ608MG:68HfrVFaZ3i2MosK6d1

Score

10^/10

defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  e0c69b98190cbab01e064bfbedf984c5_JaffaCakes118
- Size
  
  45KB
- MD5
  
  e0c69b98190cbab01e064bfbedf984c5
- SHA1
  
  d6fbefa903691f9f8d170048fbcebbeb837e7207
- SHA256
  
  4478d2de4944a243a016f594f31f05f94e4d7caab220cc52cd8b0366afcc60cc
- SHA512
  
  cdee840e6c447d627fcbf0863544862b06391153d54edcb695bc6cd74129230876e4a6312a9970f7029054bd38fe450981d153ae9077283b8f4980058389cb9e
- SSDEEP
  
  192:6cNhCefrVvNzFCTr312vkWl92NGossJ608MG:68HfrVFaZ3i2MosK6d1
Score

10^/10

defense_evasion discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoverypersistence