cef5707b258186d64b9ca5e880f29220d0d2fa49107038ee700b8b5f4f1efebd | Triage

Sharing

General

Target

572c2dcf387e26a42b24c8394b0c5a91_JaffaCakes118
Size

122KB
Sample

241018-nhjqkstgnb
MD5

572c2dcf387e26a42b24c8394b0c5a91
SHA1

808d9adfcb32c65f8809bed69feff0b0092e7161
SHA256

cef5707b258186d64b9ca5e880f29220d0d2fa49107038ee700b8b5f4f1efebd
SHA512

4b096d57e3a991939845cebd191e1394f01a9f75c795b08e8e747716d69d5b429fcf1d423658b3fb135856aefba191e0c95e5fb430fd8ace39e0e3ba9234bd8a
SSDEEP

1536:2lY0ZYgMT0rGOFJ3Cqn+4LeF0BKrwJAvuHGRA/lHzDS3N4mPzjGyh09PwGn951A6:/UJBLBVouHGRA/lH/S332WEAZlBA

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  572c2dcf387e26a42b24c8394b0c5a91_JaffaCakes118
- Size
  
  122KB
- MD5
  
  572c2dcf387e26a42b24c8394b0c5a91
- SHA1
  
  808d9adfcb32c65f8809bed69feff0b0092e7161
- SHA256
  
  cef5707b258186d64b9ca5e880f29220d0d2fa49107038ee700b8b5f4f1efebd
- SHA512
  
  4b096d57e3a991939845cebd191e1394f01a9f75c795b08e8e747716d69d5b429fcf1d423658b3fb135856aefba191e0c95e5fb430fd8ace39e0e3ba9234bd8a
- SSDEEP
  
  1536:2lY0ZYgMT0rGOFJ3Cqn+4LeF0BKrwJAvuHGRA/lHzDS3N4mPzjGyh09PwGn951A6:/UJBLBVouHGRA/lH/S332WEAZlBA
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence