e39833957b0f9e99d6d2a4c6ce4c28c63f6b083fb5fdded4da7dd3f8eb1c7846 | Triage

Sharing

General

Target

ebc9244e86cc5318d09bf062c67084c2_JaffaCakes118
Size

361KB
Sample

240919-vfrrqszanc
MD5

ebc9244e86cc5318d09bf062c67084c2
SHA1

43cc09cd651af0d0ca4635385dfb4b796085cbda
SHA256

e39833957b0f9e99d6d2a4c6ce4c28c63f6b083fb5fdded4da7dd3f8eb1c7846
SHA512

afdf45dffb3ec3e18d9a9ce3368db16d9594afa8eaad90d7fd64ed90144331ec8021be4b72349f3d35ed76d1bb14dd81b30a8fc3c9abb1334da79bafb63ed9df
SSDEEP

6144:QGs4XwY/HPJ6xzJ44nDWgRAkPUfGQn8xID0DMF+soQWqFqEYXqZwGPmf34fuDpbb:U4XF/H0dJR3PUfGLxe0Dlsfxq5XH3ygb

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  ebc9244e86cc5318d09bf062c67084c2_JaffaCakes118
- Size
  
  361KB
- MD5
  
  ebc9244e86cc5318d09bf062c67084c2
- SHA1
  
  43cc09cd651af0d0ca4635385dfb4b796085cbda
- SHA256
  
  e39833957b0f9e99d6d2a4c6ce4c28c63f6b083fb5fdded4da7dd3f8eb1c7846
- SHA512
  
  afdf45dffb3ec3e18d9a9ce3368db16d9594afa8eaad90d7fd64ed90144331ec8021be4b72349f3d35ed76d1bb14dd81b30a8fc3c9abb1334da79bafb63ed9df
- SSDEEP
  
  6144:QGs4XwY/HPJ6xzJ44nDWgRAkPUfGQn8xID0DMF+soQWqFqEYXqZwGPmf34fuDpbb:U4XF/H0dJR3PUfGLxe0Dlsfxq5XH3ygb
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Server Software Component

Terminal Services DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence