5d6902bd5bce4f7173141edd0d2ffd5d2921404781ceb8306e9f50c4534f2e48 | Triage

Sharing

General

Target

ee7322754afbc75543500a55e8dde485_JaffaCakes118
Size

252KB
Sample

240920-z9hs5sygmk
MD5

ee7322754afbc75543500a55e8dde485
SHA1

a1b29f48fdb5e3cccd238b902f0656462556875c
SHA256

5d6902bd5bce4f7173141edd0d2ffd5d2921404781ceb8306e9f50c4534f2e48
SHA512

d53cbd9df6e44ac869fd576a2551ec526c61df951f9c8768e79c6b15a007cc5807f7d37c2d1e9bd5322f82ced341e5e76b2437f93eeccc578867b0694f68670f
SSDEEP

6144:GUtp0z3+LgGPr3kaFegtrSPwaA+0gIk2Nzzzf7k:Z7W3+EGj3kaF/riA+XIk2NzY

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ee7322754afbc75543500a55e8dde485_JaffaCakes118
- Size
  
  252KB
- MD5
  
  ee7322754afbc75543500a55e8dde485
- SHA1
  
  a1b29f48fdb5e3cccd238b902f0656462556875c
- SHA256
  
  5d6902bd5bce4f7173141edd0d2ffd5d2921404781ceb8306e9f50c4534f2e48
- SHA512
  
  d53cbd9df6e44ac869fd576a2551ec526c61df951f9c8768e79c6b15a007cc5807f7d37c2d1e9bd5322f82ced341e5e76b2437f93eeccc578867b0694f68670f
- SSDEEP
  
  6144:GUtp0z3+LgGPr3kaFegtrSPwaA+0gIk2Nzzzf7k:Z7W3+EGj3kaF/riA+XIk2NzY
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2