9a5fb1e780cd2e99abfe2146fceb7bba9a973e4c3ed20d74ae11dd128cd12a74 | Triage

Sharing

General

Target

17c28486e68d77561ad0c9fdb38c32af_JaffaCakes118
Size

66KB
Sample

240627-2dlahavbnc
MD5

17c28486e68d77561ad0c9fdb38c32af
SHA1

c27b625cf42272507f06bd7f81264a2f213701a6
SHA256

9a5fb1e780cd2e99abfe2146fceb7bba9a973e4c3ed20d74ae11dd128cd12a74
SHA512

a9a8c957039393ab944e4420246311e7bc82f0383d8fed9cf6e04a69ae07a3eee65e3388122c02cd4934b64ab5174902ef4aaa5dab92212d73c3f8da1fb9d254
SSDEEP

1536:6eD44YF3StnpVeQY0NWtI+pwPb2rQwa29mDTz/8w:61F3SxpZY1I+pJ7aimF

Score

8^/10

persistence privilege_escalation vmprotect

Malware Config

Targets

- Target
  
  17c28486e68d77561ad0c9fdb38c32af_JaffaCakes118
- Size
  
  66KB
- MD5
  
  17c28486e68d77561ad0c9fdb38c32af
- SHA1
  
  c27b625cf42272507f06bd7f81264a2f213701a6
- SHA256
  
  9a5fb1e780cd2e99abfe2146fceb7bba9a973e4c3ed20d74ae11dd128cd12a74
- SHA512
  
  a9a8c957039393ab944e4420246311e7bc82f0383d8fed9cf6e04a69ae07a3eee65e3388122c02cd4934b64ab5174902ef4aaa5dab92212d73c3f8da1fb9d254
- SSDEEP
  
  1536:6eD44YF3StnpVeQY0NWtI+pwPb2rQwa29mDTz/8w:61F3SxpZY1I+pJ7aimF
Score

8^/10

persistence privilege_escalation vmprotect
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalationvmprotect

behavioral2

persistenceprivilege_escalationvmprotect