36a0b1c10cbca1dd10d6903d3562038a7d4361b1ba5406924745cccf22347d69 | Triage

Sharing

General

Target

0afde27f3ef40b9717d57a9d9064bdea_JaffaCakes118
Size

131KB
Sample

240624-2gebcsvhjg
MD5

0afde27f3ef40b9717d57a9d9064bdea
SHA1

5ac545ec03b8fb0e014c16696a274e744255e1d0
SHA256

36a0b1c10cbca1dd10d6903d3562038a7d4361b1ba5406924745cccf22347d69
SHA512

b858c22b17a6ecbb37a978694bccd86c673a69b60afeaacfaf0718095cf26bef6ec793553c0282ae71492cb62c0ebc6536ba417941f487aa9967d03c159e27c2
SSDEEP

3072:h4WhoHuWIRRbAqVEnO6Zs94UHSKvD7EqNTchl1YHKUI1P:h9hUu9bAqfysKUHvvD7EqZcIxI1P

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  0afde27f3ef40b9717d57a9d9064bdea_JaffaCakes118
- Size
  
  131KB
- MD5
  
  0afde27f3ef40b9717d57a9d9064bdea
- SHA1
  
  5ac545ec03b8fb0e014c16696a274e744255e1d0
- SHA256
  
  36a0b1c10cbca1dd10d6903d3562038a7d4361b1ba5406924745cccf22347d69
- SHA512
  
  b858c22b17a6ecbb37a978694bccd86c673a69b60afeaacfaf0718095cf26bef6ec793553c0282ae71492cb62c0ebc6536ba417941f487aa9967d03c159e27c2
- SSDEEP
  
  3072:h4WhoHuWIRRbAqVEnO6Zs94UHSKvD7EqNTchl1YHKUI1P:h9hUu9bAqfysKUHvvD7EqZcIxI1P
Score

8^/10

persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation