787fb84b58bedc4dd810375b2e367f4d121f7d8fb79d658429d49092a9329678 | Triage

Sharing

General

Target

46c735b20826cf3c6c2b254f8a9fff87_JaffaCakes118
Size

15KB
Sample

240714-vvjdxazdrn
MD5

46c735b20826cf3c6c2b254f8a9fff87
SHA1

22bea2c35a4ed5d5f43472699184c8ac07710104
SHA256

787fb84b58bedc4dd810375b2e367f4d121f7d8fb79d658429d49092a9329678
SHA512

2e3eefc4020769b124dd211c5378a70cf1f8f7e9e04417d42f058de274e8248815747bde79f9fe06950ca7fe4bd248c0354a43e98490a9053ad9790933d420f4
SSDEEP

384:akaP1tw/hqGDZDZttYUYVbnEMesFCsxw/ZAmWmaMcgAEl:aY5qcZtlybnEMesFCsq/amW5Mcgdl

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  46c735b20826cf3c6c2b254f8a9fff87_JaffaCakes118
- Size
  
  15KB
- MD5
  
  46c735b20826cf3c6c2b254f8a9fff87
- SHA1
  
  22bea2c35a4ed5d5f43472699184c8ac07710104
- SHA256
  
  787fb84b58bedc4dd810375b2e367f4d121f7d8fb79d658429d49092a9329678
- SHA512
  
  2e3eefc4020769b124dd211c5378a70cf1f8f7e9e04417d42f058de274e8248815747bde79f9fe06950ca7fe4bd248c0354a43e98490a9053ad9790933d420f4
- SSDEEP
  
  384:akaP1tw/hqGDZDZttYUYVbnEMesFCsxw/ZAmWmaMcgAEl:aY5qcZtlybnEMesFCsq/amW5Mcgdl
Score

8^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation