3e5d6c55246de1dd7afd452b020fd5501bc3add302236d91921caa59c21f3b47 | Triage

Sharing

General

Target

25e126bbf7c091de75d4bd1fdd486d67_JaffaCakes118
Size

36KB
Sample

240704-xkx6estcnm
MD5

25e126bbf7c091de75d4bd1fdd486d67
SHA1

de4480e9c797ed2b15f996ceb443c0e1f97b019a
SHA256

3e5d6c55246de1dd7afd452b020fd5501bc3add302236d91921caa59c21f3b47
SHA512

5052e5c4d2009cb838f1c8a1dbbff1f540ebc9a7c4cad899ae73c0d05d34c55f029f046179286be8985b35ef4b3af1901ff567a763482fe501c1a7df56c23e2f
SSDEEP

384:mOgGIbRJpai9c49Wigp5/y+ixe1+B6BDR+v+I7J3SvwKF58o2iU+:ijgiGxy+is1M6BDRK97J3+ZFWo2iU+

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  25e126bbf7c091de75d4bd1fdd486d67_JaffaCakes118
- Size
  
  36KB
- MD5
  
  25e126bbf7c091de75d4bd1fdd486d67
- SHA1
  
  de4480e9c797ed2b15f996ceb443c0e1f97b019a
- SHA256
  
  3e5d6c55246de1dd7afd452b020fd5501bc3add302236d91921caa59c21f3b47
- SHA512
  
  5052e5c4d2009cb838f1c8a1dbbff1f540ebc9a7c4cad899ae73c0d05d34c55f029f046179286be8985b35ef4b3af1901ff567a763482fe501c1a7df56c23e2f
- SSDEEP
  
  384:mOgGIbRJpai9c49Wigp5/y+ixe1+B6BDR+v+I7J3SvwKF58o2iU+:ijgiGxy+is1M6BDRK97J3+ZFWo2iU+
Score

8^/10

persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation