5eb2519cb70eb928ed91a218e7b71eb1e68a02bdba5dc79c8e7387a83b228d24 | Triage

Sharing

General

Target

72f7b517e900185f06a9c0a4509a44b4_JaffaCakes118
Size

37KB
Sample

240726-hfk8qsvhmc
MD5

72f7b517e900185f06a9c0a4509a44b4
SHA1

7281fdbe6d3407e640beb70247bcc9070f54212c
SHA256

5eb2519cb70eb928ed91a218e7b71eb1e68a02bdba5dc79c8e7387a83b228d24
SHA512

21cef7bf17ba21f60b05566d50355874503e2d610606f70d22e395cd33acf8c84cf28158e92a8ca5a5800fa2f61cd86283dc8d1fda6e0e70a296f16dc2070aab
SSDEEP

768:emnPb/+Htt8EpqBUCYG7zXoO2VSXO0Z4QE3X0hFSAIDNFtPnlFKb:emnz/QbzkUBG70r0ZbYEvavttYb

Score

8^/10

defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  72f7b517e900185f06a9c0a4509a44b4_JaffaCakes118
- Size
  
  37KB
- MD5
  
  72f7b517e900185f06a9c0a4509a44b4
- SHA1
  
  7281fdbe6d3407e640beb70247bcc9070f54212c
- SHA256
  
  5eb2519cb70eb928ed91a218e7b71eb1e68a02bdba5dc79c8e7387a83b228d24
- SHA512
  
  21cef7bf17ba21f60b05566d50355874503e2d610606f70d22e395cd33acf8c84cf28158e92a8ca5a5800fa2f61cd86283dc8d1fda6e0e70a296f16dc2070aab
- SSDEEP
  
  768:emnPb/+Htt8EpqBUCYG7zXoO2VSXO0Z4QE3X0hFSAIDNFtPnlFKb:emnz/QbzkUBG70r0ZbYEvavttYb
Score

8^/10

defense_evasion discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistence

behavioral2