4c9a534cb5f2486ef68688c7bfad9485606c8aea794416fa260ddd67a1a66112 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b45354f83433a5954f8e85fec6b801b_JaffaCakes118
Size

44KB
Sample

240708-gzhfhsyaqd
MD5

2b45354f83433a5954f8e85fec6b801b
SHA1

2f85aaf971fc6cc793253dba9289d1a7926c7942
SHA256

4c9a534cb5f2486ef68688c7bfad9485606c8aea794416fa260ddd67a1a66112
SHA512

8c563eb057b968aa900895bcb5e10d48a8ddaa09c37803ced5471118b5f97b6e202a3d52166c2b3c65f1df935fec4267529b55f70b7238485060bb4e45c7c7f4
SSDEEP

384:IrEwZHy6QJxBvrtYpE6VBmYGTdigf1Aypct5l:IrEh6QJ7rtg+YQigf13at5l

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  2b45354f83433a5954f8e85fec6b801b_JaffaCakes118
- Size
  
  44KB
- MD5
  
  2b45354f83433a5954f8e85fec6b801b
- SHA1
  
  2f85aaf971fc6cc793253dba9289d1a7926c7942
- SHA256
  
  4c9a534cb5f2486ef68688c7bfad9485606c8aea794416fa260ddd67a1a66112
- SHA512
  
  8c563eb057b968aa900895bcb5e10d48a8ddaa09c37803ced5471118b5f97b6e202a3d52166c2b3c65f1df935fec4267529b55f70b7238485060bb4e45c7c7f4
- SSDEEP
  
  384:IrEwZHy6QJxBvrtYpE6VBmYGTdigf1Aypct5l:IrEh6QJ7rtg+YQigf13at5l
Score

8^/10

persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Accessibility Features

AppInit DLLs

Privilege Escalation

Event Triggered Execution

Accessibility Features

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation