General
-
Target
1244a8b289b99327a67adb866ef960a0_JaffaCakes118
-
Size
48KB
-
Sample
241004-hjym8stfkf
-
MD5
1244a8b289b99327a67adb866ef960a0
-
SHA1
68f13525b9f0b8279baa61942f3fd65b43574715
-
SHA256
141c4f1f46fd81c64e8acecf38a204aba1887ce6a63e5ef478bb85398bc5a2a2
-
SHA512
364f71eac595a7cfe0b883622316534a216cecdd713886b811ca3ed6db4e7f0adebdf2a9b60072d2253af1a84379598593f689761846d8229388f8af0cf6d2e1
-
SSDEEP
768:l6r/0pcM8cJZZD673K383EJBZ4BQTbfqBWV5WV4Pv35BMC0it:8bEcM84g3IEIZ4BQ3fqBWy2X5t
Malware Config
Targets
-
-
Target
1244a8b289b99327a67adb866ef960a0_JaffaCakes118
-
Size
48KB
-
MD5
1244a8b289b99327a67adb866ef960a0
-
SHA1
68f13525b9f0b8279baa61942f3fd65b43574715
-
SHA256
141c4f1f46fd81c64e8acecf38a204aba1887ce6a63e5ef478bb85398bc5a2a2
-
SHA512
364f71eac595a7cfe0b883622316534a216cecdd713886b811ca3ed6db4e7f0adebdf2a9b60072d2253af1a84379598593f689761846d8229388f8af0cf6d2e1
-
SSDEEP
768:l6r/0pcM8cJZZD673K383EJBZ4BQTbfqBWV5WV4Pv35BMC0it:8bEcM84g3IEIZ4BQ3fqBWy2X5t
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables cmd.exe use via registry modification
-
Drops file in Drivers directory
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
4