41dddfdd1b3c91ef07760f678a34fe43d6f0466ec68eb07997960eadf37b4241 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bac879b6cdf577969d2f51d4e435289_JaffaCakes118
Size

1.2MB
Sample

240708-khjh2a1cpn
MD5

2bac879b6cdf577969d2f51d4e435289
SHA1

43aa7e2d78414085d1e049ac00f60a9e0c8daa0b
SHA256

41dddfdd1b3c91ef07760f678a34fe43d6f0466ec68eb07997960eadf37b4241
SHA512

b341fe00a4bcfbc70a80b5fba3e1bcb0b8b0fcfa2073a11c5c91764cbaa1f76c77a2a06628171018b8f09f386b73a144c0bf4762d27778f80d8d81f06d0b43e8
SSDEEP

24576:ewLRW45Pg4at6fBFHeFZH2Xm7UoaSkahXHLGyISBPaYy:rv44aQA122gVSFRBy

Score

8^/10

evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  2bac879b6cdf577969d2f51d4e435289_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  2bac879b6cdf577969d2f51d4e435289
- SHA1
  
  43aa7e2d78414085d1e049ac00f60a9e0c8daa0b
- SHA256
  
  41dddfdd1b3c91ef07760f678a34fe43d6f0466ec68eb07997960eadf37b4241
- SHA512
  
  b341fe00a4bcfbc70a80b5fba3e1bcb0b8b0fcfa2073a11c5c91764cbaa1f76c77a2a06628171018b8f09f386b73a144c0bf4762d27778f80d8d81f06d0b43e8
- SSDEEP
  
  24576:ewLRW45Pg4at6fBFHeFZH2Xm7UoaSkahXHLGyISBPaYy:rv44aQA122gVSFRBy
Score

8^/10

evasion persistence privilege_escalation
- Disables Task Manager via registry modification
  evasion
- Event Triggered Execution: AppCert DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.
  persistence privilege_escalation
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppCert DLLs

Privilege Escalation

Event Triggered Execution

AppCert DLLs

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2

evasionpersistenceprivilege_escalation