a4b228ee392a425abbe679ee4a25951bb1b434fad6ccca5396e346e5ebec8af3 | Triage

Sharing

General

Target

87c89e492475b302a5b0ae8b9e7a7394_JaffaCakes118
Size

93KB
Sample

240810-1kkf4szaqj
MD5

87c89e492475b302a5b0ae8b9e7a7394
SHA1

47eaebb9f7696501a008b88efdf14ce242b2ac2a
SHA256

a4b228ee392a425abbe679ee4a25951bb1b434fad6ccca5396e346e5ebec8af3
SHA512

c2a114992d4aab7d50e473a338b2056c217c6b15f9b58bf8eb20189d38f0fb8469e94b664c068b5160d92697bd35bc5cb7f2b6d97db1bb99b84780b87125d2b0
SSDEEP

1536:wF61lvMqziQ3C6kKEgHFy4sEg/qHUnuBuczFbznTvK2fHioBzkXmvc3hH6bB26ex:910Q3MK1Hc/q0nusczFzhHDwAcRHg2rx

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  87c89e492475b302a5b0ae8b9e7a7394_JaffaCakes118
- Size
  
  93KB
- MD5
  
  87c89e492475b302a5b0ae8b9e7a7394
- SHA1
  
  47eaebb9f7696501a008b88efdf14ce242b2ac2a
- SHA256
  
  a4b228ee392a425abbe679ee4a25951bb1b434fad6ccca5396e346e5ebec8af3
- SHA512
  
  c2a114992d4aab7d50e473a338b2056c217c6b15f9b58bf8eb20189d38f0fb8469e94b664c068b5160d92697bd35bc5cb7f2b6d97db1bb99b84780b87125d2b0
- SSDEEP
  
  1536:wF61lvMqziQ3C6kKEgHFy4sEg/qHUnuBuczFbznTvK2fHioBzkXmvc3hH6bB26ex:910Q3MK1Hc/q0nusczFzhHDwAcRHg2rx
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
  persistence
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence