e0db9cf9b894d53b0df1138e58dfb80398d8d9b3e384e3dedc490d23d19ebd4a | Triage

Sharing

General

Target

ee9623dea7665e11da2696af3eddd612_JaffaCakes118
Size

453KB
Sample

240920-2tx91ashlr
MD5

ee9623dea7665e11da2696af3eddd612
SHA1

a1eba81c40bb6353ed10d7e25eca1d0e4dabc6c4
SHA256

e0db9cf9b894d53b0df1138e58dfb80398d8d9b3e384e3dedc490d23d19ebd4a
SHA512

9703efc8a1ceb03a4a0792a6dea5c3d5da0404a17a8c8f83f98f0ac73d4f11d7c4ec367d2b3528543314fa82124efa244bbec90af15e789ef61148c48d9d697c
SSDEEP

12288:4APHVWZD16FRKKMhMqoHs+AQIr9fEIW60yHA:N/VWZDMb8oHs+AhrZu6FHA

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ee9623dea7665e11da2696af3eddd612_JaffaCakes118
- Size
  
  453KB
- MD5
  
  ee9623dea7665e11da2696af3eddd612
- SHA1
  
  a1eba81c40bb6353ed10d7e25eca1d0e4dabc6c4
- SHA256
  
  e0db9cf9b894d53b0df1138e58dfb80398d8d9b3e384e3dedc490d23d19ebd4a
- SHA512
  
  9703efc8a1ceb03a4a0792a6dea5c3d5da0404a17a8c8f83f98f0ac73d4f11d7c4ec367d2b3528543314fa82124efa244bbec90af15e789ef61148c48d9d697c
- SSDEEP
  
  12288:4APHVWZD16FRKKMhMqoHs+AQIr9fEIW60yHA:N/VWZDMb8oHs+AhrZu6FHA
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence