General
-
Target
295ae09e5c51a7d5784701048b1378cd_JaffaCakes118
-
Size
3.9MB
-
Sample
240706-zyex4ssfrl
-
MD5
295ae09e5c51a7d5784701048b1378cd
-
SHA1
63cffe1d85edf48a78f007e635c78a7009c8ee63
-
SHA256
24f9926029a5c647d74ddf37d68a1ac5896c657f2b31d2598d4f92d179cc39f9
-
SHA512
e7d48b65dec39714d61c951899a1b3b7559b22fc2fbf5beaa91b2c65a33665b4dc638dc3ddca4491188e137b53793abe374d89290599ad99cde5d11f7af3dfbe
-
SSDEEP
98304:Y3t90cMXaweRB4gQ9qGl9ODQbm6HMbvoutBBJT9DvOeZLKL6:kLiX5eggoqICQbm7bzBBF9DvOeIu
Malware Config
Targets
-
-
Target
295ae09e5c51a7d5784701048b1378cd_JaffaCakes118
-
Size
3.9MB
-
MD5
295ae09e5c51a7d5784701048b1378cd
-
SHA1
63cffe1d85edf48a78f007e635c78a7009c8ee63
-
SHA256
24f9926029a5c647d74ddf37d68a1ac5896c657f2b31d2598d4f92d179cc39f9
-
SHA512
e7d48b65dec39714d61c951899a1b3b7559b22fc2fbf5beaa91b2c65a33665b4dc638dc3ddca4491188e137b53793abe374d89290599ad99cde5d11f7af3dfbe
-
SSDEEP
98304:Y3t90cMXaweRB4gQ9qGl9ODQbm6HMbvoutBBJT9DvOeZLKL6:kLiX5eggoqICQbm7bzBBF9DvOeIu
Score10/10-
UAC bypass
-
Drops file in Drivers directory
-
Sets service image path in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2