7ffc97cdcf5ce1666c2d6d25ee1a4a2b2f2a7318f01cc665397f36d3ae6598f6 | Triage

Sharing

General

Target

edb03e4fd7c2c8865d7423b408de3101_JaffaCakes118
Size

382KB
Sample

240920-qrmvpsydqe
MD5

edb03e4fd7c2c8865d7423b408de3101
SHA1

fce0e350797d22017993f05d7caef07640a57377
SHA256

7ffc97cdcf5ce1666c2d6d25ee1a4a2b2f2a7318f01cc665397f36d3ae6598f6
SHA512

6d294a67cdaf492cfa8024190fb19bebc35c805dbaa0012fd8c884c27b58f1a67ebf1ef723103be421a129b833db6b9b2c236f5ac6ae9aeec819e8507a3e5ee3
SSDEEP

6144:8yK49twSEGILqEeXtk79hprQXg6yaQNr/PqyOPtV3cDIFtMgLjIea/b35VjDO00V:8H49+MWAkhhp0g6TQNuyO1nFtM1LldDO

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  edb03e4fd7c2c8865d7423b408de3101_JaffaCakes118
- Size
  
  382KB
- MD5
  
  edb03e4fd7c2c8865d7423b408de3101
- SHA1
  
  fce0e350797d22017993f05d7caef07640a57377
- SHA256
  
  7ffc97cdcf5ce1666c2d6d25ee1a4a2b2f2a7318f01cc665397f36d3ae6598f6
- SHA512
  
  6d294a67cdaf492cfa8024190fb19bebc35c805dbaa0012fd8c884c27b58f1a67ebf1ef723103be421a129b833db6b9b2c236f5ac6ae9aeec819e8507a3e5ee3
- SSDEEP
  
  6144:8yK49twSEGILqEeXtk79hprQXg6yaQNr/PqyOPtV3cDIFtMgLjIea/b35VjDO00V:8H49+MWAkhhp0g6TQNuyO1nFtM1LldDO
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence