71e4c7e65494470f13c9abe7d722584fcc6c9480637d76bbef0d65f3059c9e24 | Triage

Sharing

General

Target

ee83e943c3fdc8891002e9f911600e92_JaffaCakes118
Size

28KB
Sample

240920-1zymaazhph
MD5

ee83e943c3fdc8891002e9f911600e92
SHA1

aafb614c834192395a19d9563c9f2b4d5a51deac
SHA256

71e4c7e65494470f13c9abe7d722584fcc6c9480637d76bbef0d65f3059c9e24
SHA512

d0358103cd84ff1fcd6d804a8f336f35bd1555e0835b82ab5ed8a9c2fee30846c23a02a97135b9978ff6e34fbc5f5e71e99f30e8cf4da3c470aca00bf0c73c95
SSDEEP

192:2MN21a9pS7na9SVSi2dNA4YL8fzh1zZoRQyJATDzk+9zHJ/uSrApwdP1oyn/AiOy:2WJ87n2FNOuV7I+DugApwJ1RAijK4Tq

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ee83e943c3fdc8891002e9f911600e92_JaffaCakes118
- Size
  
  28KB
- MD5
  
  ee83e943c3fdc8891002e9f911600e92
- SHA1
  
  aafb614c834192395a19d9563c9f2b4d5a51deac
- SHA256
  
  71e4c7e65494470f13c9abe7d722584fcc6c9480637d76bbef0d65f3059c9e24
- SHA512
  
  d0358103cd84ff1fcd6d804a8f336f35bd1555e0835b82ab5ed8a9c2fee30846c23a02a97135b9978ff6e34fbc5f5e71e99f30e8cf4da3c470aca00bf0c73c95
- SSDEEP
  
  192:2MN21a9pS7na9SVSi2dNA4YL8fzh1zZoRQyJATDzk+9zHJ/uSrApwdP1oyn/AiOy:2WJ87n2FNOuV7I+DugApwJ1RAijK4Tq
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2