60401aa45839a9aba33de1161e8cdba74ac8e8b90f721151b534c45cdc044461 | Triage

Sharing

General

Target

be3c179f97c8409ccfb3e932cf95092d_JaffaCakes118
Size

181KB
Sample

241203-twb6jssrfs
MD5

be3c179f97c8409ccfb3e932cf95092d
SHA1

1c9343f7fdb2c3332cb060d1cbeb8a927611315b
SHA256

60401aa45839a9aba33de1161e8cdba74ac8e8b90f721151b534c45cdc044461
SHA512

6f267dac16666f02a21ba98255cf825cae2bfdb77b60aa580aca26e5ad5d8ed74662e702d8d27afe82389372c92f34d4f67fb0fa82deac7deef8102a17ca70be
SSDEEP

3072:zcFbqzk5h9NAY/WMKjmYa33PsrNjf4N5kjJGL52DmnFMz3pP95CYwFnjED:IFbqzk4Meml3PsrNENGvCyzx

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  be3c179f97c8409ccfb3e932cf95092d_JaffaCakes118
- Size
  
  181KB
- MD5
  
  be3c179f97c8409ccfb3e932cf95092d
- SHA1
  
  1c9343f7fdb2c3332cb060d1cbeb8a927611315b
- SHA256
  
  60401aa45839a9aba33de1161e8cdba74ac8e8b90f721151b534c45cdc044461
- SHA512
  
  6f267dac16666f02a21ba98255cf825cae2bfdb77b60aa580aca26e5ad5d8ed74662e702d8d27afe82389372c92f34d4f67fb0fa82deac7deef8102a17ca70be
- SSDEEP
  
  3072:zcFbqzk5h9NAY/WMKjmYa33PsrNjf4N5kjJGL52DmnFMz3pP95CYwFnjED:IFbqzk4Meml3PsrNENGvCyzx
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2