840319291a9accaec71ad66644a813f372a4f03948f3fcd60859f0923c367c2f | Triage

Sharing

General

Target

fcbd4404a140866f50c98b8564572545_JaffaCakes118
Size

27KB
Sample

240928-vej1hawdql
MD5

fcbd4404a140866f50c98b8564572545
SHA1

d4eea9ca019e36ce206bb6f51386cb226b45534f
SHA256

840319291a9accaec71ad66644a813f372a4f03948f3fcd60859f0923c367c2f
SHA512

dfe2ad4982f8c76cf2d8d8051970b1fd1a0d32611d77189fb493fa4dfba8180036445b0362701e832f253c1678b374fa83a53b75aa4fad8caff636ae13e7c3be
SSDEEP

384:iXIGP+MQ9aBfDnnWI1k/9lM5YSf0Z9xFMJ5irw6+Tdkn3ouoQXeOBfWB0n6nqWj:nGP+3aBLnFk/XM5yZrCiSTdkuOBfuqW

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  fcbd4404a140866f50c98b8564572545_JaffaCakes118
- Size
  
  27KB
- MD5
  
  fcbd4404a140866f50c98b8564572545
- SHA1
  
  d4eea9ca019e36ce206bb6f51386cb226b45534f
- SHA256
  
  840319291a9accaec71ad66644a813f372a4f03948f3fcd60859f0923c367c2f
- SHA512
  
  dfe2ad4982f8c76cf2d8d8051970b1fd1a0d32611d77189fb493fa4dfba8180036445b0362701e832f253c1678b374fa83a53b75aa4fad8caff636ae13e7c3be
- SSDEEP
  
  384:iXIGP+MQ9aBfDnnWI1k/9lM5YSf0Z9xFMJ5irw6+Tdkn3ouoQXeOBfWB0n6nqWj:nGP+3aBLnFk/XM5yZrCiSTdkuOBfuqW
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence