bb9cc5de409a0c547d90580cc5508f2b11a188530501274536334a393faa93ae | Triage

Sharing

General

Target

9fe28443416a84b4bf6978d007dc0c74_JaffaCakes118
Size

71KB
Sample

240816-zmlxaawenf
MD5

9fe28443416a84b4bf6978d007dc0c74
SHA1

1d10dc0f72a4956e5283bf5dfcf75c974cdd04ea
SHA256

bb9cc5de409a0c547d90580cc5508f2b11a188530501274536334a393faa93ae
SHA512

3cb81b3b8f81a493b6a6d4b4418c8c68422068a4bb06f7aa4daeadefe258a5d1d3b1c6d01fedaf7d2df272f3693e415ed36048bec1e14738674e01ce79feec19
SSDEEP

1536:PDqiIm+Oi/W6S/bs9cjja9yZfgt1OiMIik0BjIz:PD+J/Y/NLfgt1R0BjIz

Score

10^/10

discovery evasion execution persistence

Malware Config

Targets

- Target
  
  9fe28443416a84b4bf6978d007dc0c74_JaffaCakes118
- Size
  
  71KB
- MD5
  
  9fe28443416a84b4bf6978d007dc0c74
- SHA1
  
  1d10dc0f72a4956e5283bf5dfcf75c974cdd04ea
- SHA256
  
  bb9cc5de409a0c547d90580cc5508f2b11a188530501274536334a393faa93ae
- SHA512
  
  3cb81b3b8f81a493b6a6d4b4418c8c68422068a4bb06f7aa4daeadefe258a5d1d3b1c6d01fedaf7d2df272f3693e415ed36048bec1e14738674e01ce79feec19
- SSDEEP
  
  1536:PDqiIm+Oi/W6S/bs9cjja9yZfgt1OiMIik0BjIz:PD+J/Y/NLfgt1R0BjIz
Score

10^/10

discovery evasion execution persistence
- Disables service(s)
  evasion execution
- Server Software Component: Terminal Services DLL
  persistence
- Stops running service(s)
  evasion execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Server Software Component

Terminal Services DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

discoveryevasionexecutionpersistence