6e34aae1101bd9c579a93a4d43055bb4d1aa3ab2f7c7884fc9d6b2be1f6f87bd | Triage

Sharing

General

Target

3e4da1c1f56421dbf4a9ab46b60c85d9_JaffaCakes118
Size

68KB
Sample

241013-g8d5fsxelm
MD5

3e4da1c1f56421dbf4a9ab46b60c85d9
SHA1

081eac04c298a1faf881fa4ec459e801d5aeb7b7
SHA256

6e34aae1101bd9c579a93a4d43055bb4d1aa3ab2f7c7884fc9d6b2be1f6f87bd
SHA512

c12480fa3a7ff20157b442acbce7ff1a47af6ddbaeeec7e7db25c579297136bc1338af98e7abb63fa75b666df919463691f6084f2c1f1450512d5f399dab2d54
SSDEEP

768:bikxN1wLPr4rS518RxcW1J7XTC05GKJZQaHu7J4of1zBmQzTGfmgyqU:+kxN1wH4uHUD1V5pZQ64Zf1zwQVgvU

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  3e4da1c1f56421dbf4a9ab46b60c85d9_JaffaCakes118
- Size
  
  68KB
- MD5
  
  3e4da1c1f56421dbf4a9ab46b60c85d9
- SHA1
  
  081eac04c298a1faf881fa4ec459e801d5aeb7b7
- SHA256
  
  6e34aae1101bd9c579a93a4d43055bb4d1aa3ab2f7c7884fc9d6b2be1f6f87bd
- SHA512
  
  c12480fa3a7ff20157b442acbce7ff1a47af6ddbaeeec7e7db25c579297136bc1338af98e7abb63fa75b666df919463691f6084f2c1f1450512d5f399dab2d54
- SSDEEP
  
  768:bikxN1wLPr4rS518RxcW1J7XTC05GKJZQaHu7J4of1zBmQzTGfmgyqU:+kxN1wH4uHUD1V5pZQ64Zf1zwQVgvU
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence