e11458257dd5680af0d8450d335bf96646c3574346f8ce0311ce0fce6a3096f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83c4c4ae5d94ede32c270a8f5e87ab34_JaffaCakes118
Size

762KB
Sample

240809-18va8ascjk
MD5

83c4c4ae5d94ede32c270a8f5e87ab34
SHA1

423ea2080bee23a2fcde23e5d0b277374dd7deed
SHA256

e11458257dd5680af0d8450d335bf96646c3574346f8ce0311ce0fce6a3096f1
SHA512

12636116e97bfa96eb1bd80c3f8e44ed563ad721177bae9acb657c8cb633fc6b90780fd143faa6e409849cfab8e971cacf0bc48ab1fc0c43f0512f4da21c1c43
SSDEEP

12288:EK4qJ0k4Rfw1BH2XzFgV9N0cYYXh7yGrPF3Z4mxxe0GHvFPX57nDe8d13+9g:EDjRgB2XmfN0gBQmXWF/VnKeX

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  83c4c4ae5d94ede32c270a8f5e87ab34_JaffaCakes118
- Size
  
  762KB
- MD5
  
  83c4c4ae5d94ede32c270a8f5e87ab34
- SHA1
  
  423ea2080bee23a2fcde23e5d0b277374dd7deed
- SHA256
  
  e11458257dd5680af0d8450d335bf96646c3574346f8ce0311ce0fce6a3096f1
- SHA512
  
  12636116e97bfa96eb1bd80c3f8e44ed563ad721177bae9acb657c8cb633fc6b90780fd143faa6e409849cfab8e971cacf0bc48ab1fc0c43f0512f4da21c1c43
- SSDEEP
  
  12288:EK4qJ0k4Rfw1BH2XzFgV9N0cYYXh7yGrPF3Z4mxxe0GHvFPX57nDe8d13+9g:EDjRgB2XmfN0gBQmXWF/VnKeX
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence