ea736fad8cb7c8033e61383edbbfaf9e7506e06f3b15e97aef9c514f3cb93d36 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39d58e6af86cc3de81533f7eec16a456_JaffaCakes118
Size

36KB
Sample

240711-tmnszstgkr
MD5

39d58e6af86cc3de81533f7eec16a456
SHA1

322930fc0a6ded10a11ee3a7b0541a4a3a1134d3
SHA256

ea736fad8cb7c8033e61383edbbfaf9e7506e06f3b15e97aef9c514f3cb93d36
SHA512

1f9df420d1757f441035471154b6a603bda5800796030bb525c69daa81df71569d7bc6986789375f8788b2c392a8e170abc7ba209066dde790739a8ec538b054
SSDEEP

768:pfZ2YidJN5kXcyXrCD1tDMByGqnxGm3+IdW:pedEcyXrC/GsnsGdW

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  39d58e6af86cc3de81533f7eec16a456_JaffaCakes118
- Size
  
  36KB
- MD5
  
  39d58e6af86cc3de81533f7eec16a456
- SHA1
  
  322930fc0a6ded10a11ee3a7b0541a4a3a1134d3
- SHA256
  
  ea736fad8cb7c8033e61383edbbfaf9e7506e06f3b15e97aef9c514f3cb93d36
- SHA512
  
  1f9df420d1757f441035471154b6a603bda5800796030bb525c69daa81df71569d7bc6986789375f8788b2c392a8e170abc7ba209066dde790739a8ec538b054
- SSDEEP
  
  768:pfZ2YidJN5kXcyXrCD1tDMByGqnxGm3+IdW:pedEcyXrC/GsnsGdW
Score

8^/10

persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation