General

  • Target

    d4cde21ca134d39802f2e16f0f3f6828_JaffaCakes118

  • Size

    381KB

  • Sample

    240908-t5ps1ayfld

  • MD5

    d4cde21ca134d39802f2e16f0f3f6828

  • SHA1

    6a4a954954bd98bdfb490444575ab9036adff315

  • SHA256

    486df1776eaf38215d28d8f8d9a17067b712ff41d2ed653ec9767bc9477a148c

  • SHA512

    4619b35b8cb9aec1e224ab4b9f94ebf7653b1f2e2f961189df325658c6a565315dafe9d9bd8ce8032791c044e83def2bd9ff5f44d9e983c8601696a38838b5f9

  • SSDEEP

    6144:xEdnEOr16I1RbHFbI8hhT24HzDE7GRAIgQm4+MCJlz/f5:WdnEOrYIDrLq4HWI3m/FHz/f5

Malware Config

Targets

    • Target

      d4cde21ca134d39802f2e16f0f3f6828_JaffaCakes118

    • Size

      381KB

    • MD5

      d4cde21ca134d39802f2e16f0f3f6828

    • SHA1

      6a4a954954bd98bdfb490444575ab9036adff315

    • SHA256

      486df1776eaf38215d28d8f8d9a17067b712ff41d2ed653ec9767bc9477a148c

    • SHA512

      4619b35b8cb9aec1e224ab4b9f94ebf7653b1f2e2f961189df325658c6a565315dafe9d9bd8ce8032791c044e83def2bd9ff5f44d9e983c8601696a38838b5f9

    • SSDEEP

      6144:xEdnEOr16I1RbHFbI8hhT24HzDE7GRAIgQm4+MCJlz/f5:WdnEOrYIDrLq4HWI3m/FHz/f5

    • Disables service(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Remote Services: SMB/Windows Admin Shares

      Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

MITRE ATT&CK Matrix (ATT&CK v13)

Each technique is listed with its ATT&CK ID and the number of matching signatures.

  • Execution

    System Services (T1569): 1
    Service Execution (T1569.002): 1

  • Persistence

    Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1

  • Privilege Escalation

    Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1

  • Discovery

    Query Registry (T1012): 1
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 1
    System Location Discovery (T1614): 1
    System Language Discovery (T1614.001): 1

  • Lateral Movement

    Remote Services (T1021): 1
    SMB/Windows Admin Shares (T1021.002): 1

  • Impact

    Service Stop (T1489): 1

Tasks