93952bf02709fb19f61892f6fb9eca5b59f9773a09d08010c50f96158367cb5f | Triage

Sharing

General

Target

4dbec925bd0e0e2d73b6c4536e35f5a2_JaffaCakes118
Size

123KB
Sample

240716-lltnvayepb
MD5

4dbec925bd0e0e2d73b6c4536e35f5a2
SHA1

e290b071d56b1e1b3ba8521cc54549a0ea8fee6a
SHA256

93952bf02709fb19f61892f6fb9eca5b59f9773a09d08010c50f96158367cb5f
SHA512

d32c18c300e378953668b19591d36d178d772802480b7a0b0c5f805588ac727b0655a3011ca9db9e580f74d04c31aacc898e88435a354f094eb94793bbd9d752
SSDEEP

3072:VeSyGQ8sEPwfmzx9hkubycXsqa62Ux+oJ:VeSyGQSPkO9Smyc8qa62UP

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4dbec925bd0e0e2d73b6c4536e35f5a2_JaffaCakes118
- Size
  
  123KB
- MD5
  
  4dbec925bd0e0e2d73b6c4536e35f5a2
- SHA1
  
  e290b071d56b1e1b3ba8521cc54549a0ea8fee6a
- SHA256
  
  93952bf02709fb19f61892f6fb9eca5b59f9773a09d08010c50f96158367cb5f
- SHA512
  
  d32c18c300e378953668b19591d36d178d772802480b7a0b0c5f805588ac727b0655a3011ca9db9e580f74d04c31aacc898e88435a354f094eb94793bbd9d752
- SSDEEP
  
  3072:VeSyGQ8sEPwfmzx9hkubycXsqa62Ux+oJ:VeSyGQSPkO9Smyc8qa62UP
Score

8^/10

persistence
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2