20cc142142d8930aeb96deb3c3606763945f498aa63cf8275eaa7a4db7c289ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

efb78cb1ba581ecdb2f0b17e9198ee7b_JaffaCakes118
Size

3KB
Sample

240921-nt8tvazgmg
MD5

efb78cb1ba581ecdb2f0b17e9198ee7b
SHA1

b2b0259c26189b4d155ac50c87a9016f7df0cb68
SHA256

20cc142142d8930aeb96deb3c3606763945f498aa63cf8275eaa7a4db7c289ee
SHA512

4cba393a14cb7b8068039547ad2a459014d2e9b5ccdb425adc3b0e8fbc5f8bb6ba44ec66f455a8ec5e09a2a3585ce207d9a970b34d747ace1bfa3c2965b46991

Score

10^/10

discovery

Malware Config

Targets

- Target
  
  efb78cb1ba581ecdb2f0b17e9198ee7b_JaffaCakes118
- Size
  
  3KB
- MD5
  
  efb78cb1ba581ecdb2f0b17e9198ee7b
- SHA1
  
  b2b0259c26189b4d155ac50c87a9016f7df0cb68
- SHA256
  
  20cc142142d8930aeb96deb3c3606763945f498aa63cf8275eaa7a4db7c289ee
- SHA512
  
  4cba393a14cb7b8068039547ad2a459014d2e9b5ccdb425adc3b0e8fbc5f8bb6ba44ec66f455a8ec5e09a2a3585ce207d9a970b34d747ace1bfa3c2965b46991
Score

10^/10

discovery
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2