General
-
Target
10229ffd5289c76a373cdc64b5f63ad1_JaffaCakes118
-
Size
118KB
-
Sample
241003-xh1hrsvbjg
-
MD5
10229ffd5289c76a373cdc64b5f63ad1
-
SHA1
2ec4c1e3f2e9b5b66577a7aff86ea15f124ed46a
-
SHA256
a632050150128cc9d5ff7ab419e52370788e3748b2141459991bbe842133ef17
-
SHA512
3c6e12957ba12a55b0838c353516e3d5e338cb647c28ace38d2aecb2abb56ee58a56acb6b493d4ed060c5c43789219a07d71898246cea41f83ce5b7e9a4f0191
-
SSDEEP
1536:OvgsN2nzXvORAt/PFHfOH4Wgr3luHv88UTclel0GnToIfbIO89+Va7t:O1N2zXmqCMr3w8oryTBfN89+VE
Malware Config
Targets
-
-
Target
10229ffd5289c76a373cdc64b5f63ad1_JaffaCakes118
-
Size
118KB
-
MD5
10229ffd5289c76a373cdc64b5f63ad1
-
SHA1
2ec4c1e3f2e9b5b66577a7aff86ea15f124ed46a
-
SHA256
a632050150128cc9d5ff7ab419e52370788e3748b2141459991bbe842133ef17
-
SHA512
3c6e12957ba12a55b0838c353516e3d5e338cb647c28ace38d2aecb2abb56ee58a56acb6b493d4ed060c5c43789219a07d71898246cea41f83ce5b7e9a4f0191
-
SSDEEP
1536:OvgsN2nzXvORAt/PFHfOH4Wgr3luHv88UTclel0GnToIfbIO89+Va7t:O1N2zXmqCMr3w8oryTBfN89+VE
Score10/10-
Modifies WinLogon for persistence
-
Modifies security service
-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables taskbar notifications via registry modification
-
Windows security modification
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1