548b315988bb1bfe00b7dae565cd3c10dcf62fc929fecba0667cbbcf4cf7c553 | Triage

Sharing

General

Target

0ab1f7621e9a11989a450cb6b0db3289_JaffaCakes118
Size

183KB
Sample

240624-y9nhysvcjp
MD5

0ab1f7621e9a11989a450cb6b0db3289
SHA1

8f270c07feef6afc76e8f510a323604db8aaf4d0
SHA256

548b315988bb1bfe00b7dae565cd3c10dcf62fc929fecba0667cbbcf4cf7c553
SHA512

f98e28f21253ecf7ce04c07851908b72dfcfad809ccf414085621d518982c015aa8e94fb15a9eccce39f1f3a9b1c0bb03b3c54fda8345386f1386947eb1686e5
SSDEEP

3072:Icmq9eUUzHm8+qCPRDpGb1PgCWWkJRXtDhM4d8hzGlbP:b96zFc5DpGZPKWGRXRhMhA

Score

7^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  0ab1f7621e9a11989a450cb6b0db3289_JaffaCakes118
- Size
  
  183KB
- MD5
  
  0ab1f7621e9a11989a450cb6b0db3289
- SHA1
  
  8f270c07feef6afc76e8f510a323604db8aaf4d0
- SHA256
  
  548b315988bb1bfe00b7dae565cd3c10dcf62fc929fecba0667cbbcf4cf7c553
- SHA512
  
  f98e28f21253ecf7ce04c07851908b72dfcfad809ccf414085621d518982c015aa8e94fb15a9eccce39f1f3a9b1c0bb03b3c54fda8345386f1386947eb1686e5
- SSDEEP
  
  3072:Icmq9eUUzHm8+qCPRDpGb1PgCWWkJRXtDhM4d8hzGlbP:b96zFc5DpGZPKWGRXRhMhA
Score

7^/10

persistence privilege_escalation
- Deletes itself
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation