3ca70ff1cb99955da2115b5cef743579384f72b1bbee4beff9f2ac9b40abd53d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a17d26ccee64a05176c0eb3b38e9caab_JaffaCakes118
Size

1.0MB
Sample

240817-g2wqxs1end
MD5

a17d26ccee64a05176c0eb3b38e9caab
SHA1

00e0f1880606928f88c551dda8db78b64f295a03
SHA256

3ca70ff1cb99955da2115b5cef743579384f72b1bbee4beff9f2ac9b40abd53d
SHA512

08f7e7ebe96a77bf853e5dbb6e1829392023895fda09b6150134ba13cd3302dbcda93c6abf5c5b28638d5efd280d16589b41ab461627874484f9445302d3613a
SSDEEP

24576:f20SYlME+yYPBRgbPhrHAFj5Yi0sakj9xpNj+hFgXC75ld1qSVpcq9:f2OMEqPBRYgFGi0sf9Md1qapcq9

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  a17d26ccee64a05176c0eb3b38e9caab_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  a17d26ccee64a05176c0eb3b38e9caab
- SHA1
  
  00e0f1880606928f88c551dda8db78b64f295a03
- SHA256
  
  3ca70ff1cb99955da2115b5cef743579384f72b1bbee4beff9f2ac9b40abd53d
- SHA512
  
  08f7e7ebe96a77bf853e5dbb6e1829392023895fda09b6150134ba13cd3302dbcda93c6abf5c5b28638d5efd280d16589b41ab461627874484f9445302d3613a
- SSDEEP
  
  24576:f20SYlME+yYPBRgbPhrHAFj5Yi0sakj9xpNj+hFgXC75ld1qSVpcq9:f2OMEqPBRYgFGi0sf9Md1qapcq9
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence