8d2696e3162827cbc28f3100be33a08ffc99414fe3d28cc7b1f25344afc438af | Triage

Sharing

General

Target

3b331741b9f58cfe23bfdedfaeecf8cc_JaffaCakes118
Size

9KB
Sample

240711-3smbsasbqf
MD5

3b331741b9f58cfe23bfdedfaeecf8cc
SHA1

4b3640e521c19f7717de860366b06bb9fd081010
SHA256

8d2696e3162827cbc28f3100be33a08ffc99414fe3d28cc7b1f25344afc438af
SHA512

7d7c624f71c24d9c119541b5d2c72278dc260d3402601b3a2987d0c449b64d0e72d15332c6e20be77a1afd866fa8895b2a2211cd739dd84fb4ec4889d54fe77c
SSDEEP

192:hjnhR1bneNit+V/XJyN7AhAV+Uw08CtkgUw95/nnG:hjuK+V/27AiwUwTCCIu

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  3b331741b9f58cfe23bfdedfaeecf8cc_JaffaCakes118
- Size
  
  9KB
- MD5
  
  3b331741b9f58cfe23bfdedfaeecf8cc
- SHA1
  
  4b3640e521c19f7717de860366b06bb9fd081010
- SHA256
  
  8d2696e3162827cbc28f3100be33a08ffc99414fe3d28cc7b1f25344afc438af
- SHA512
  
  7d7c624f71c24d9c119541b5d2c72278dc260d3402601b3a2987d0c449b64d0e72d15332c6e20be77a1afd866fa8895b2a2211cd739dd84fb4ec4889d54fe77c
- SSDEEP
  
  192:hjnhR1bneNit+V/XJyN7AhAV+Uw08CtkgUw95/nnG:hjuK+V/27AiwUwTCCIu
Score

8^/10

persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation