580e6dc86cdead3e2c638a1d16474c0c4ccbb04fbbdad6fdb8e9dfbe838ed4e2 | Triage

Sharing

General

Target

0a485d639ede266a07552304669164d2_JaffaCakes118
Size

172KB
Sample

240624-xnh6nsxhma
MD5

0a485d639ede266a07552304669164d2
SHA1

fdb893ce06a34568d42ed275f95d31f4c1e53aa5
SHA256

580e6dc86cdead3e2c638a1d16474c0c4ccbb04fbbdad6fdb8e9dfbe838ed4e2
SHA512

71be7597bc5ad912b93740491bb93c901cbb0549999d5fcd0a358c1a30c258108131f0cb48ac185808e8db78537c6dcb801f129b89d0cd89e3af9f17c269aebf
SSDEEP

3072:gcBycVFJkupI+RbgNdA0D90D7fUkUIbNCYsrrlknZGfM4I4s7akKk:gzcVFJkYFedBDiXfBUB7/IaM2

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  0a485d639ede266a07552304669164d2_JaffaCakes118
- Size
  
  172KB
- MD5
  
  0a485d639ede266a07552304669164d2
- SHA1
  
  fdb893ce06a34568d42ed275f95d31f4c1e53aa5
- SHA256
  
  580e6dc86cdead3e2c638a1d16474c0c4ccbb04fbbdad6fdb8e9dfbe838ed4e2
- SHA512
  
  71be7597bc5ad912b93740491bb93c901cbb0549999d5fcd0a358c1a30c258108131f0cb48ac185808e8db78537c6dcb801f129b89d0cd89e3af9f17c269aebf
- SSDEEP
  
  3072:gcBycVFJkupI+RbgNdA0D90D7fUkUIbNCYsrrlknZGfM4I4s7akKk:gzcVFJkYFedBDiXfBUB7/IaM2
Score

7^/10

persistence
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Print Processors

Privilege Escalation

Boot or Logon Autostart Execution

Print Processors

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2