d3d07d5f9818f7531fa667fefeae8627bb5141c538973624d6c4e403387191b1 | Triage

Sharing

General

Target

1c186f01de5b2c94942e630f4f777d18_JaffaCakes118
Size

697KB
Sample

240701-xc2tmsxckj
MD5

1c186f01de5b2c94942e630f4f777d18
SHA1

2ed4384640595888c23d90859180d95a64b1f504
SHA256

d3d07d5f9818f7531fa667fefeae8627bb5141c538973624d6c4e403387191b1
SHA512

bc41502b306a20eb99a14a4511a71b37dd25a0e7f43588a80979cc85e2702f558da28213a77585dac3e8005ca215ddc6625b4f2148f6998dcbc57766d5ffc616
SSDEEP

12288:iPPMnQwGCh8TBgsy3h8VJO5hWzRzONjx5dFacPes8FFi3PpXG1/licdVhANT7yk6:EtwNaBg3IOxNjLdF+UG1/lDdVhkCkMPD

Score

8^/10

adware persistence privilege_escalation stealer

Malware Config

Targets

- Target
  
  1c186f01de5b2c94942e630f4f777d18_JaffaCakes118
- Size
  
  697KB
- MD5
  
  1c186f01de5b2c94942e630f4f777d18
- SHA1
  
  2ed4384640595888c23d90859180d95a64b1f504
- SHA256
  
  d3d07d5f9818f7531fa667fefeae8627bb5141c538973624d6c4e403387191b1
- SHA512
  
  bc41502b306a20eb99a14a4511a71b37dd25a0e7f43588a80979cc85e2702f558da28213a77585dac3e8005ca215ddc6625b4f2148f6998dcbc57766d5ffc616
- SSDEEP
  
  12288:iPPMnQwGCh8TBgsy3h8VJO5hWzRzONjx5dFacPes8FFi3PpXG1/licdVhANT7yk6:EtwNaBg3IOxNjLdF+UG1/lDdVhkCkMPD
Score

8^/10

adware persistence privilege_escalation stealer
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistenceprivilege_escalationstealer

behavioral2