39a6c0df9f429ec14084c8d78c47a3e0a1f2eb2958626befea4b6c7de4321106 | Triage

Sharing

General

Target

29ba19f34fc5d4e5e6d2e07de2a0aa8a_JaffaCakes118
Size

36KB
Sample

240707-eztsfatdmn
MD5

29ba19f34fc5d4e5e6d2e07de2a0aa8a
SHA1

d1fa9ddae40d4be7c19085fa110abffb1889ca5a
SHA256

39a6c0df9f429ec14084c8d78c47a3e0a1f2eb2958626befea4b6c7de4321106
SHA512

a4432ff9c0599858268a48849827526e36252bbe34cf5c25a238bb90ede0f9bd57f17b7ee55673700521ff075674a5dde9c4b49dbd15abd63147c5e814f4f4ba
SSDEEP

768:ijgiGxy+iC146BDRK97J3+ZFWo2iU+DaLW:CMy+hQYFWuaLW

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  29ba19f34fc5d4e5e6d2e07de2a0aa8a_JaffaCakes118
- Size
  
  36KB
- MD5
  
  29ba19f34fc5d4e5e6d2e07de2a0aa8a
- SHA1
  
  d1fa9ddae40d4be7c19085fa110abffb1889ca5a
- SHA256
  
  39a6c0df9f429ec14084c8d78c47a3e0a1f2eb2958626befea4b6c7de4321106
- SHA512
  
  a4432ff9c0599858268a48849827526e36252bbe34cf5c25a238bb90ede0f9bd57f17b7ee55673700521ff075674a5dde9c4b49dbd15abd63147c5e814f4f4ba
- SSDEEP
  
  768:ijgiGxy+iC146BDRK97J3+ZFWo2iU+DaLW:CMy+hQYFWuaLW
Score

8^/10

persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation