General
-
Target
ee4aaba00083dd1b8a9495b80b3f7a9a_JaffaCakes118
-
Size
99KB
-
Sample
240920-yc9pxsthkh
-
MD5
ee4aaba00083dd1b8a9495b80b3f7a9a
-
SHA1
42b64263cab6c2ed180cf3cadea00fe6765361c6
-
SHA256
6c10a38e802c130022c063caaefbf4a52e2cd257f8d76a1abe4e74067e1329f7
-
SHA512
b1708cd8153d4649c014d156ba212a2af38bcd6bddd13db0643d0b754348c89d13e2efaa8de862a583bc7ea08bc8703aa399103edcecff2e8cefa11f02fe9222
-
SSDEEP
768:EMm6jQusmj3H8nxGLCktJNB7cMatjMga8aTmjI3nqqPt:faRxGJNB7BeIDCWqQ
Malware Config
Targets
-
-
Target
ee4aaba00083dd1b8a9495b80b3f7a9a_JaffaCakes118
-
Size
99KB
-
MD5
ee4aaba00083dd1b8a9495b80b3f7a9a
-
SHA1
42b64263cab6c2ed180cf3cadea00fe6765361c6
-
SHA256
6c10a38e802c130022c063caaefbf4a52e2cd257f8d76a1abe4e74067e1329f7
-
SHA512
b1708cd8153d4649c014d156ba212a2af38bcd6bddd13db0643d0b754348c89d13e2efaa8de862a583bc7ea08bc8703aa399103edcecff2e8cefa11f02fe9222
-
SSDEEP
768:EMm6jQusmj3H8nxGLCktJNB7cMatjMga8aTmjI3nqqPt:faRxGJNB7BeIDCWqQ
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
5