580f43774de86b2ce6939c47139c7ccd6f293adf41d2a5fd9c015859a9a225fa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b862b71d8724cec1e1f7e61a26fb977_JaffaCakes118
Size

36KB
Sample

240712-b1y7rswapd
MD5

3b862b71d8724cec1e1f7e61a26fb977
SHA1

63bc1ecd39bc6e2ca91d3ae2de9c15d4fe70f23d
SHA256

580f43774de86b2ce6939c47139c7ccd6f293adf41d2a5fd9c015859a9a225fa
SHA512

840d272f71c93651d45727c2d2927ab3373c4f28651f7d7ff597e3c7380351af8630814878fcaf51fd6aaca6d9eaedf82c09cc39c876195676c5f99b55ede00f
SSDEEP

768:SfZ2YidJN5kXcyXrCD1tDMByGqnxGm3+IdW:SedEcyXrC/GsnsGdW

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  3b862b71d8724cec1e1f7e61a26fb977_JaffaCakes118
- Size
  
  36KB
- MD5
  
  3b862b71d8724cec1e1f7e61a26fb977
- SHA1
  
  63bc1ecd39bc6e2ca91d3ae2de9c15d4fe70f23d
- SHA256
  
  580f43774de86b2ce6939c47139c7ccd6f293adf41d2a5fd9c015859a9a225fa
- SHA512
  
  840d272f71c93651d45727c2d2927ab3373c4f28651f7d7ff597e3c7380351af8630814878fcaf51fd6aaca6d9eaedf82c09cc39c876195676c5f99b55ede00f
- SSDEEP
  
  768:SfZ2YidJN5kXcyXrCD1tDMByGqnxGm3+IdW:SedEcyXrC/GsnsGdW
Score

8^/10

persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation