fd0f3db78a44d73c177e14d03b2eab4e340b5cd9d354a0f0657f32d55cfabd6e | Triage

Sharing

General

Target

141eed8de6797233846a43252017e893_JaffaCakes118
Size

910KB
Sample

241004-t3ej9ayflb
MD5

141eed8de6797233846a43252017e893
SHA1

f7816260f8462d5a86236431b51179cf1a956153
SHA256

fd0f3db78a44d73c177e14d03b2eab4e340b5cd9d354a0f0657f32d55cfabd6e
SHA512

ad47018718bd2ded2928d3b1aad98fe05c7ba893f135255b41fffbae017d50d16ed19f75a5a988fd1ca34be2d89e60cb68a64df24c8804c4da90277fb6e0eb55
SSDEEP

12288:VdJ1OjIvsbHum0uSlJQqn3CcjczPA29PBBQPo9ZmVUbFvlA+CYiMXt2kaJp8QMWs:psLumA3sXoel/BD5aJfQQB7c7

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  141eed8de6797233846a43252017e893_JaffaCakes118
- Size
  
  910KB
- MD5
  
  141eed8de6797233846a43252017e893
- SHA1
  
  f7816260f8462d5a86236431b51179cf1a956153
- SHA256
  
  fd0f3db78a44d73c177e14d03b2eab4e340b5cd9d354a0f0657f32d55cfabd6e
- SHA512
  
  ad47018718bd2ded2928d3b1aad98fe05c7ba893f135255b41fffbae017d50d16ed19f75a5a988fd1ca34be2d89e60cb68a64df24c8804c4da90277fb6e0eb55
- SSDEEP
  
  12288:VdJ1OjIvsbHum0uSlJQqn3CcjczPA29PBBQPo9ZmVUbFvlA+CYiMXt2kaJp8QMWs:psLumA3sXoel/BD5aJfQQB7c7
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence