Overview

overview

10

Static

static

3

0aa50b5113...18.exe

windows7-x64

10

0aa50b5113...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0aa50b511312b519898b681d8fe6b567_JaffaCakes118

  • Size

    6.6MB

  • Sample

    240624-y2dnsa1dle

  • MD5

    0aa50b511312b519898b681d8fe6b567

  • SHA1

    4ac91576e10cec2bcfc8e7aeb9f4539142f52e35

  • SHA256

    322aa0f6a0110bb09d7d0b7d80f8d0a978d09c07b090e545be5303a06c2b49a5

  • SHA512

    96c1313f482eeae5d898b3ddb9a3971a6459318f53c64e030070199744ceebb6c3b0703cddd0daa683e87dc4a2fc469bfabcda37a36369634baf72c13ac6eab8

  • SSDEEP

    196608:FEQMl9XknCZNulPKQ8hY/Bkr/fgIT/+Vdl7FKaz:o2uN/HYOcIT/EXF9

Score
10/10
mimikatzdiscoveryevasionpersistenceprivilege_escalationpyinstaller

Malware Config

Targets

    • Target

      0aa50b511312b519898b681d8fe6b567_JaffaCakes118

    • Size

      6.6MB

    • MD5

      0aa50b511312b519898b681d8fe6b567

    • SHA1

      4ac91576e10cec2bcfc8e7aeb9f4539142f52e35

    • SHA256

      322aa0f6a0110bb09d7d0b7d80f8d0a978d09c07b090e545be5303a06c2b49a5

    • SHA512

      96c1313f482eeae5d898b3ddb9a3971a6459318f53c64e030070199744ceebb6c3b0703cddd0daa683e87dc4a2fc469bfabcda37a36369634baf72c13ac6eab8

    • SSDEEP

      196608:FEQMl9XknCZNulPKQ8hY/Bkr/fgIT/+Vdl7FKaz:o2uN/HYOcIT/EXF9

    Score
    10/10
    mimikatzdiscoveryevasionpersistenceprivilege_escalation

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • Contacts a large (9654) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • mimikatz is an open source tool to dump credentials on Windows

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Network Service Discovery

2
T1046

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks