36253e2226e5b17e454baa0bb216a8ff4d76cd44243b942458962a6863b0ccc8 | Triage

Sharing

General

Target

06b472fd019daccc7de48681a46a0f13_JaffaCakes118
Size

6.1MB
Sample

241001-vwcmra1epk
MD5

06b472fd019daccc7de48681a46a0f13
SHA1

4b91763f77fb78e4772db0fcf0df0d4845a9e3ec
SHA256

36253e2226e5b17e454baa0bb216a8ff4d76cd44243b942458962a6863b0ccc8
SHA512

a6c83b5cf5602c99ce5fd46b9417f78b2f0f1ee5b1341f5f66144f3a17fb75c3b8322037cd53a71ab48d69ddbf0313c18cd0d4212de11a2d8d71e93522b74426
SSDEEP

98304:7xDDaNHNesvq/9afO1z1jDTipOGRD4/NOirAuYPiRgf4U3tlJ5u61KxC/l:9DDSHUc2V1JTQOQ41Oi7Hgw2ttuWl

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  06b472fd019daccc7de48681a46a0f13_JaffaCakes118
- Size
  
  6.1MB
- MD5
  
  06b472fd019daccc7de48681a46a0f13
- SHA1
  
  4b91763f77fb78e4772db0fcf0df0d4845a9e3ec
- SHA256
  
  36253e2226e5b17e454baa0bb216a8ff4d76cd44243b942458962a6863b0ccc8
- SHA512
  
  a6c83b5cf5602c99ce5fd46b9417f78b2f0f1ee5b1341f5f66144f3a17fb75c3b8322037cd53a71ab48d69ddbf0313c18cd0d4212de11a2d8d71e93522b74426
- SSDEEP
  
  98304:7xDDaNHNesvq/9afO1z1jDTipOGRD4/NOirAuYPiRgf4U3tlJ5u61KxC/l:9DDSHUc2V1JTQOQ41Oi7Hgw2ttuWl
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2