f7975bc0c0fa4c0765eff0dccc88e756abb186eed23bfa7f5ee67c731e7f4a8f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eafef610148d9f61233eeb9bb0736f5f_JaffaCakes118
Size

576KB
Sample

240919-kyvaga1djj
MD5

eafef610148d9f61233eeb9bb0736f5f
SHA1

39c3e87414a407911b73b222546133fa58d54d16
SHA256

f7975bc0c0fa4c0765eff0dccc88e756abb186eed23bfa7f5ee67c731e7f4a8f
SHA512

1f5d5ba65181ed0fc0f7906d173cb1159f0b74072ab1bb5e624a905ce799339b46f070c23c42b04c342fd3a5e90b9251891b7f7b8f186f1e80e8b8c7866aae9e
SSDEEP

12288:QCkc/Xwu/sro3X5Azmgh1R3/n0aRz6mHG:QRc/wu/p3X5emghH/0wzdH

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  eafef610148d9f61233eeb9bb0736f5f_JaffaCakes118
- Size
  
  576KB
- MD5
  
  eafef610148d9f61233eeb9bb0736f5f
- SHA1
  
  39c3e87414a407911b73b222546133fa58d54d16
- SHA256
  
  f7975bc0c0fa4c0765eff0dccc88e756abb186eed23bfa7f5ee67c731e7f4a8f
- SHA512
  
  1f5d5ba65181ed0fc0f7906d173cb1159f0b74072ab1bb5e624a905ce799339b46f070c23c42b04c342fd3a5e90b9251891b7f7b8f186f1e80e8b8c7866aae9e
- SSDEEP
  
  12288:QCkc/Xwu/sro3X5Azmgh1R3/n0aRz6mHG:QRc/wu/p3X5emghH/0wzdH
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence