8ab922a3b806c221dffdfe5e3f24ebaaa08216bb4f5ec3830aaed9f77019bf4c | Triage

Sharing

General

Target

ed20c793a75504e76c47b4c4875a4a8d_JaffaCakes118
Size

94KB
Sample

240920-jjwpbawcnp
MD5

ed20c793a75504e76c47b4c4875a4a8d
SHA1

4709fcddc7078ae549109c77589a4d960e4fb066
SHA256

8ab922a3b806c221dffdfe5e3f24ebaaa08216bb4f5ec3830aaed9f77019bf4c
SHA512

12c1acf5426048aa535c30a315966620f96cbd33bb438b72fbef0528fa79f7dcf32efa8beee3f347a71ea783148961c921075d39e8322e2962f6b65ea2d7ba9b
SSDEEP

1536:4aiqH1s+kCtrA2UMT0mTFibDKa1XEBSRnS2HmF4M0VVRZlxLBVXWiZ+zwaPy:51B31bdBob2QXsGSkmeVVVflxVVmiZ+U

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ed20c793a75504e76c47b4c4875a4a8d_JaffaCakes118
- Size
  
  94KB
- MD5
  
  ed20c793a75504e76c47b4c4875a4a8d
- SHA1
  
  4709fcddc7078ae549109c77589a4d960e4fb066
- SHA256
  
  8ab922a3b806c221dffdfe5e3f24ebaaa08216bb4f5ec3830aaed9f77019bf4c
- SHA512
  
  12c1acf5426048aa535c30a315966620f96cbd33bb438b72fbef0528fa79f7dcf32efa8beee3f347a71ea783148961c921075d39e8322e2962f6b65ea2d7ba9b
- SSDEEP
  
  1536:4aiqH1s+kCtrA2UMT0mTFibDKa1XEBSRnS2HmF4M0VVRZlxLBVXWiZ+zwaPy:51B31bdBob2QXsGSkmeVVVflxVVmiZ+U
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence