17197c9e103636ab7e6c0615e4b0143c0579d52a4a9f0b0f77dd6d91dca4fa9e | Triage

Sharing

General

Target

26c1c05472608fc132a6de9b2f036f0f_JaffaCakes118
Size

72KB
Sample

240705-agqwlszdjf
MD5

26c1c05472608fc132a6de9b2f036f0f
SHA1

c803dbacea063ba7e190df719d71d0d956c68dbc
SHA256

17197c9e103636ab7e6c0615e4b0143c0579d52a4a9f0b0f77dd6d91dca4fa9e
SHA512

6d9f45c90498249422b2a99ed419cdb129cddf225586f68bf42e9d85a1ca7e9a45c288cfcb485a3554b03aa2f5138cd011e9f937d4d548b1209c68aea984f836
SSDEEP

768:bO5MoPND/5Ge2oU8RsodAJLr6gMiibj6Pt29oeHvXE6oMwwrmt9Xd17jV6M:v4j6odAp6gMiGDoOE6Kbt9PnV

Score

8^/10

evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  26c1c05472608fc132a6de9b2f036f0f_JaffaCakes118
- Size
  
  72KB
- MD5
  
  26c1c05472608fc132a6de9b2f036f0f
- SHA1
  
  c803dbacea063ba7e190df719d71d0d956c68dbc
- SHA256
  
  17197c9e103636ab7e6c0615e4b0143c0579d52a4a9f0b0f77dd6d91dca4fa9e
- SHA512
  
  6d9f45c90498249422b2a99ed419cdb129cddf225586f68bf42e9d85a1ca7e9a45c288cfcb485a3554b03aa2f5138cd011e9f937d4d548b1209c68aea984f836
- SSDEEP
  
  768:bO5MoPND/5Ge2oU8RsodAJLr6gMiibj6Pt29oeHvXE6oMwwrmt9Xd17jV6M:v4j6odAp6gMiGDoOE6Kbt9PnV
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2