97795cb1787f37ee973261ca9eadf216ce6af8ea4be41f86299593594c717e74 | Triage

Sharing

General

Target

860af82a0aef3daac55597d8386f7247_JaffaCakes118
Size

78KB
Sample

240810-plwd8atbrg
MD5

860af82a0aef3daac55597d8386f7247
SHA1

eb5685c72003fb123fe7060f429f146a646e2103
SHA256

97795cb1787f37ee973261ca9eadf216ce6af8ea4be41f86299593594c717e74
SHA512

ac966cd5612ffe0e5c162981227553c430525850d2e37b15556c0feeffc6d70462f8f29d1a82b5da22c075f22a3ef401d9daa89381b7e01791096101da12c808
SSDEEP

1536:t2vl+fj7Y/HK2hUQ3JL+EIFbBIgpq9iNweXXN/c:gvlT/H36EmbBIEE6tc

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  860af82a0aef3daac55597d8386f7247_JaffaCakes118
- Size
  
  78KB
- MD5
  
  860af82a0aef3daac55597d8386f7247
- SHA1
  
  eb5685c72003fb123fe7060f429f146a646e2103
- SHA256
  
  97795cb1787f37ee973261ca9eadf216ce6af8ea4be41f86299593594c717e74
- SHA512
  
  ac966cd5612ffe0e5c162981227553c430525850d2e37b15556c0feeffc6d70462f8f29d1a82b5da22c075f22a3ef401d9daa89381b7e01791096101da12c808
- SSDEEP
  
  1536:t2vl+fj7Y/HK2hUQ3JL+EIFbBIgpq9iNweXXN/c:gvlT/H36EmbBIEE6tc
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence