General
-
Target
e291d9c67860dee1a4b1e77be89c6e33_JaffaCakes118
-
Size
31KB
-
Sample
240406-pypr7sae61
-
MD5
e291d9c67860dee1a4b1e77be89c6e33
-
SHA1
dbd810167bdd1be6b5d7eff8b7a94d8c6d55ad2d
-
SHA256
19ee8f652de2c5fe474decc66cc675c5a6ed7887597ccdc5f9a8f960cb7c74c3
-
SHA512
ec316a1097391f8ca8de56c158b6e1c01a3c52479da035229a948734e1ac47667204e795f84b8f34dd9460509c6382099fb3a5bde57c00720b6965fb74159f94
-
SSDEEP
768:LWqpkjZ9sk8Ta4yuZgliG/8Vml7tnbcuyD7UjNWGI:LRpGovTHXgliG0VmlJnouy8J2
Malware Config
Targets
-
-
Target
e291d9c67860dee1a4b1e77be89c6e33_JaffaCakes118
-
Size
31KB
-
MD5
e291d9c67860dee1a4b1e77be89c6e33
-
SHA1
dbd810167bdd1be6b5d7eff8b7a94d8c6d55ad2d
-
SHA256
19ee8f652de2c5fe474decc66cc675c5a6ed7887597ccdc5f9a8f960cb7c74c3
-
SHA512
ec316a1097391f8ca8de56c158b6e1c01a3c52479da035229a948734e1ac47667204e795f84b8f34dd9460509c6382099fb3a5bde57c00720b6965fb74159f94
-
SSDEEP
768:LWqpkjZ9sk8Ta4yuZgliG/8Vml7tnbcuyD7UjNWGI:LRpGovTHXgliG0VmlJnouy8J2
Score10/10-
UAC bypass
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3