a42101587fa89e12f17002eae2758d0d9f76583f19de36f56af7fe68fa1ee26e | Triage

Sharing

General

Target

f4f387486cdbc09027f1bb05c3618b91_JaffaCakes118
Size

49KB
Sample

240925-cpsraaygjl
MD5

f4f387486cdbc09027f1bb05c3618b91
SHA1

a4baba5ec7e94adb7d303414481610982c7581cb
SHA256

a42101587fa89e12f17002eae2758d0d9f76583f19de36f56af7fe68fa1ee26e
SHA512

9ec516c016e858e204e45a67cefb474c88c7dc623e22ac308bc305f6455f2dcf646dc2cb54b03e13111c2c686761a8f6b44747bcd802ec0ff5eac084823ca467
SSDEEP

768:c3bprAkBW7XL5cNQIqxMCBbxY220tYg7nWjBRRmX8pq6TiRRE826Yz7S:c32n775cmIwM0bxNr7nWbRm6tJX

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  f4f387486cdbc09027f1bb05c3618b91_JaffaCakes118
- Size
  
  49KB
- MD5
  
  f4f387486cdbc09027f1bb05c3618b91
- SHA1
  
  a4baba5ec7e94adb7d303414481610982c7581cb
- SHA256
  
  a42101587fa89e12f17002eae2758d0d9f76583f19de36f56af7fe68fa1ee26e
- SHA512
  
  9ec516c016e858e204e45a67cefb474c88c7dc623e22ac308bc305f6455f2dcf646dc2cb54b03e13111c2c686761a8f6b44747bcd802ec0ff5eac084823ca467
- SSDEEP
  
  768:c3bprAkBW7XL5cNQIqxMCBbxY220tYg7nWjBRRmX8pq6TiRRE826Yz7S:c32n775cmIwM0bxNr7nWbRm6tJX
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence