81e45204194c769e0be4118b68c886230be022c7ac2683ef8d1125ce727141f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71a28c1872cdb6dc3d053d2ef7b1bec6_JaffaCakes118
Size

137KB
Sample

240725-26e9ys1dkp
MD5

71a28c1872cdb6dc3d053d2ef7b1bec6
SHA1

4624b5cf3e7eb5f5b8efd823540d03befb9ffc79
SHA256

81e45204194c769e0be4118b68c886230be022c7ac2683ef8d1125ce727141f6
SHA512

25e45970080d517f4d6077371ac0e34add6cada6852c7fb1d641da97d24ba0ce307a9076b38fce517395e753d077a0f2e4814eee2a5c9e5821d278879f5f1728
SSDEEP

3072:dpaXy/qijYId24Wug9d0r+lBem/3/J/rJqX:dpmy/qijYIYQgjE2Bem/PJ/rJqX

Score

10^/10

discovery evasion execution persistence

Malware Config

Targets

- Target
  
  71a28c1872cdb6dc3d053d2ef7b1bec6_JaffaCakes118
- Size
  
  137KB
- MD5
  
  71a28c1872cdb6dc3d053d2ef7b1bec6
- SHA1
  
  4624b5cf3e7eb5f5b8efd823540d03befb9ffc79
- SHA256
  
  81e45204194c769e0be4118b68c886230be022c7ac2683ef8d1125ce727141f6
- SHA512
  
  25e45970080d517f4d6077371ac0e34add6cada6852c7fb1d641da97d24ba0ce307a9076b38fce517395e753d077a0f2e4814eee2a5c9e5821d278879f5f1728
- SSDEEP
  
  3072:dpaXy/qijYId24Wug9d0r+lBem/3/J/rJqX:dpmy/qijYIYQgjE2Bem/PJ/rJqX
Score

10^/10

discovery evasion execution persistence
- Disables service(s)
  evasion execution
- Server Software Component: Terminal Services DLL
  persistence
- Stops running service(s)
  evasion execution
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Server Software Component

Terminal Services DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecutionpersistence

behavioral2

discoveryevasionexecutionpersistence