cd1212f9adf6232cf98778e28a53fb7a28798dc800fe6ca13b9ca5e5bcc6251d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f99c62c9ee55f3b79c50a0069431c2f_JaffaCakes118
Size

133KB
Sample

241009-mn432azhjm
MD5

2f99c62c9ee55f3b79c50a0069431c2f
SHA1

60cce50ed54740277d833818ec8b1f7008606c7d
SHA256

cd1212f9adf6232cf98778e28a53fb7a28798dc800fe6ca13b9ca5e5bcc6251d
SHA512

046f50e908f442d3c93892f8c0bc67778b49e10c55f26ae7b1ce6c55149b2b8db4b27f789e15808cc1d5ca49c588bd0a6da447fae4e478032636a700bf155df7
SSDEEP

1536:4Xm5qoMmacLhVLt5XDs3qf5KZ6P3r2g/64zOIKEEBG22+U0:35qoMmDhVXs3qf5BSiNj8GJX0

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  2f99c62c9ee55f3b79c50a0069431c2f_JaffaCakes118
- Size
  
  133KB
- MD5
  
  2f99c62c9ee55f3b79c50a0069431c2f
- SHA1
  
  60cce50ed54740277d833818ec8b1f7008606c7d
- SHA256
  
  cd1212f9adf6232cf98778e28a53fb7a28798dc800fe6ca13b9ca5e5bcc6251d
- SHA512
  
  046f50e908f442d3c93892f8c0bc67778b49e10c55f26ae7b1ce6c55149b2b8db4b27f789e15808cc1d5ca49c588bd0a6da447fae4e478032636a700bf155df7
- SSDEEP
  
  1536:4Xm5qoMmacLhVLt5XDs3qf5KZ6P3r2g/64zOIKEEBG22+U0:35qoMmDhVXs3qf5BSiNj8GJX0
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence