5d46cde4362b3a0d2377ef8bbd08eb7a729aa36164c88a5c74a1825711d64c92 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4cb53a7044145a232c129c9ed7e4240a_JaffaCakes118
Size

100KB
Sample

240716-ef7j7awhjc
MD5

4cb53a7044145a232c129c9ed7e4240a
SHA1

d9828e42a6e891a84ecf6629088b22e8dcdf5186
SHA256

5d46cde4362b3a0d2377ef8bbd08eb7a729aa36164c88a5c74a1825711d64c92
SHA512

71e3447043c53d6f56b786195c70c938fb073dd391823f20ac692a31c873c4a79a9bf1b00ab3cda8bee98fabcd7856fe6e0132c98d69e1e7c8809f8f906e441e
SSDEEP

3072:HkXdbvsipFYj+BDZDnIIhneaYY9Wqfgo2Y:H0r8g79W7Y

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  4cb53a7044145a232c129c9ed7e4240a_JaffaCakes118
- Size
  
  100KB
- MD5
  
  4cb53a7044145a232c129c9ed7e4240a
- SHA1
  
  d9828e42a6e891a84ecf6629088b22e8dcdf5186
- SHA256
  
  5d46cde4362b3a0d2377ef8bbd08eb7a729aa36164c88a5c74a1825711d64c92
- SHA512
  
  71e3447043c53d6f56b786195c70c938fb073dd391823f20ac692a31c873c4a79a9bf1b00ab3cda8bee98fabcd7856fe6e0132c98d69e1e7c8809f8f906e441e
- SSDEEP
  
  3072:HkXdbvsipFYj+BDZDnIIhneaYY9Wqfgo2Y:H0r8g79W7Y
Score

8^/10

persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation