General
-
Target
ff8770b20777545c9e03bb7532e5771c_JaffaCakes118
-
Size
428KB
-
Sample
240929-3w5yaswhjn
-
MD5
ff8770b20777545c9e03bb7532e5771c
-
SHA1
d641452c62f1262f769a40602d3182b26b48ed85
-
SHA256
ad4c07c455348f22fa282080454dbce00133d4f2aaf11605e132a2a6bf7ec7e5
-
SHA512
b8fbecbb856e35b1a09b1aab1f902490677f5a66d04c07c88bd3955961c5b1b1aae8b45da8a4f8825b193b575d34d127e1b7d870e95218e9b0805898fb7970f5
-
SSDEEP
12288:pu6/DdQHroPTAwpwXQsBPTeoG0HhDtdC2Cp4JSErXD+Kz4:pl7WsPkA8QsBPyoG0HBrC2zJSKD+
Malware Config
Targets
-
-
Target
ff8770b20777545c9e03bb7532e5771c_JaffaCakes118
-
Size
428KB
-
MD5
ff8770b20777545c9e03bb7532e5771c
-
SHA1
d641452c62f1262f769a40602d3182b26b48ed85
-
SHA256
ad4c07c455348f22fa282080454dbce00133d4f2aaf11605e132a2a6bf7ec7e5
-
SHA512
b8fbecbb856e35b1a09b1aab1f902490677f5a66d04c07c88bd3955961c5b1b1aae8b45da8a4f8825b193b575d34d127e1b7d870e95218e9b0805898fb7970f5
-
SSDEEP
12288:pu6/DdQHroPTAwpwXQsBPTeoG0HhDtdC2Cp4JSErXD+Kz4:pl7WsPkA8QsBPyoG0HBrC2zJSKD+
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies WinLogon
-
System Binary Proxy Execution: Verclsid
Adversaries may abuse Verclsid to proxy execution of malicious code.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Privilege Escalation
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Defense Evasion
Modify Registry
5Subvert Trust Controls
1SIP and Trust Provider Hijacking
1System Binary Proxy Execution
1Verclsid
1