e0015b9e62af29198a67d0d185c53859c81071ac7395a4bb612486e5415e5c15 | Triage

Sharing

General

Target

edf10d344ad950a7a14673141862c031_JaffaCakes118
Size

107KB
Sample

240920-tfqc8svcng
MD5

edf10d344ad950a7a14673141862c031
SHA1

1aa7d4e5bd67560a266de094ef5b739714861663
SHA256

e0015b9e62af29198a67d0d185c53859c81071ac7395a4bb612486e5415e5c15
SHA512

1202f5c37378a187696e89f231eb9f62323b595b5ba30cfacddb521c7f43760900b5bc3f8cd60fdb47dd597633cde99d361ef6a874e07cf4b38acb023054fc9c
SSDEEP

3072:pn14NERx2eTkYq3Vg5QEhXCP9OgXHQeRdn:Z9RRkHVgeyXCVO4jd

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  edf10d344ad950a7a14673141862c031_JaffaCakes118
- Size
  
  107KB
- MD5
  
  edf10d344ad950a7a14673141862c031
- SHA1
  
  1aa7d4e5bd67560a266de094ef5b739714861663
- SHA256
  
  e0015b9e62af29198a67d0d185c53859c81071ac7395a4bb612486e5415e5c15
- SHA512
  
  1202f5c37378a187696e89f231eb9f62323b595b5ba30cfacddb521c7f43760900b5bc3f8cd60fdb47dd597633cde99d361ef6a874e07cf4b38acb023054fc9c
- SSDEEP
  
  3072:pn14NERx2eTkYq3Vg5QEhXCP9OgXHQeRdn:Z9RRkHVgeyXCVO4jd
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence