d65d5bf18dd39abb418f38e82a732930c90ab64eea547df2e83ddd7d344843c3 | Triage

Sharing

General

Target

0c79ce9e0df3d08b75c5907e03d985dd_JaffaCakes118
Size

418KB
Sample

241002-z24qms1amb
MD5

0c79ce9e0df3d08b75c5907e03d985dd
SHA1

b2339a00bcc04a3f516e2ebb19cc3259e0c50bdb
SHA256

d65d5bf18dd39abb418f38e82a732930c90ab64eea547df2e83ddd7d344843c3
SHA512

64f5c2a51cb7cc006f7bf0874aeb36371ae4ac826be5273e28ca8991b009628999c6791e639d2aebfe63b628547c2177ccb4e67bcd1c433a827a9b7bcf5c55a4
SSDEEP

12288:ondzXXFoYeJ6RQvLrOA6TCjhUwvKig5WvyUu2sNUoc:ond7XdeJ6eLJ6TUvKZ5Wv4pNw

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  0c79ce9e0df3d08b75c5907e03d985dd_JaffaCakes118
- Size
  
  418KB
- MD5
  
  0c79ce9e0df3d08b75c5907e03d985dd
- SHA1
  
  b2339a00bcc04a3f516e2ebb19cc3259e0c50bdb
- SHA256
  
  d65d5bf18dd39abb418f38e82a732930c90ab64eea547df2e83ddd7d344843c3
- SHA512
  
  64f5c2a51cb7cc006f7bf0874aeb36371ae4ac826be5273e28ca8991b009628999c6791e639d2aebfe63b628547c2177ccb4e67bcd1c433a827a9b7bcf5c55a4
- SSDEEP
  
  12288:ondzXXFoYeJ6RQvLrOA6TCjhUwvKig5WvyUu2sNUoc:ond7XdeJ6eLJ6TUvKZ5Wv4pNw
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence