250152e949c18b1a012818f2f8a4d1810f800aba27571363a250e7bc9bfb085f | Triage

Sharing

General

Target

3d124d303127d20edcafb8d3717e3846_JaffaCakes118
Size

6.3MB
Sample

240712-mx13qssekf
MD5

3d124d303127d20edcafb8d3717e3846
SHA1

88b3d5638ca0e8412db2c0520ca669b98e53e608
SHA256

250152e949c18b1a012818f2f8a4d1810f800aba27571363a250e7bc9bfb085f
SHA512

cda07480b5876a5d08fd7d97e58c3d19776ef30c3c79e0a62a74e5612eaf70f5bd94c8e136d3c0b28e08906fab4ba3888781fa373832156bb39e5d0369fcd511
SSDEEP

6144:P8LOQyV7edm6zj3xfPQEyyIhulHRrRXw3GgqFtOf7:P8IV7cnzlfxhHRrRXH/Fq7

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  3d124d303127d20edcafb8d3717e3846_JaffaCakes118
- Size
  
  6.3MB
- MD5
  
  3d124d303127d20edcafb8d3717e3846
- SHA1
  
  88b3d5638ca0e8412db2c0520ca669b98e53e608
- SHA256
  
  250152e949c18b1a012818f2f8a4d1810f800aba27571363a250e7bc9bfb085f
- SHA512
  
  cda07480b5876a5d08fd7d97e58c3d19776ef30c3c79e0a62a74e5612eaf70f5bd94c8e136d3c0b28e08906fab4ba3888781fa373832156bb39e5d0369fcd511
- SSDEEP
  
  6144:P8LOQyV7edm6zj3xfPQEyyIhulHRrRXw3GgqFtOf7:P8IV7cnzlfxhHRrRXH/Fq7
Score

8^/10

persistence
- Blocklisted process makes network request
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2