6cd9b986f6e133bf30115d6e49871b97e09335538f86fdf37a328fa2f7e3fd5b | Triage

Sharing

General

Target

0358e215e0a9994d5f59c2a7c60366af_JaffaCakes118
Size

107KB
Sample

240930-1hlw6aweqm
MD5

0358e215e0a9994d5f59c2a7c60366af
SHA1

c37da2537f6162aaca518e5223929db2eea2610e
SHA256

6cd9b986f6e133bf30115d6e49871b97e09335538f86fdf37a328fa2f7e3fd5b
SHA512

349bf1cb07fbd5023bba8a0c936b6ee07115b81d15eed41fe594a0d35ef3472bad01074c16107050e094921cc401acf53712c6c16894c4bf7a79a51dad363498
SSDEEP

3072:eYQtt+Duvs/lxp2JbJ9JWB9NqML4kj+wC4v1:eYQC7PpAbJ9JWskj+9m

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  0358e215e0a9994d5f59c2a7c60366af_JaffaCakes118
- Size
  
  107KB
- MD5
  
  0358e215e0a9994d5f59c2a7c60366af
- SHA1
  
  c37da2537f6162aaca518e5223929db2eea2610e
- SHA256
  
  6cd9b986f6e133bf30115d6e49871b97e09335538f86fdf37a328fa2f7e3fd5b
- SHA512
  
  349bf1cb07fbd5023bba8a0c936b6ee07115b81d15eed41fe594a0d35ef3472bad01074c16107050e094921cc401acf53712c6c16894c4bf7a79a51dad363498
- SSDEEP
  
  3072:eYQtt+Duvs/lxp2JbJ9JWB9NqML4kj+wC4v1:eYQC7PpAbJ9JWskj+9m
Score

7^/10

discovery persistence
- Deletes itself
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence