24d481c7fac417539b600d7336fb4793d7f43c047f59dfe0cf6b221474f20b10 | Triage

Sharing

General

Target

5bcddbaa0acbbb0878fc86aa98fbdc5d_JaffaCakes118
Size

7KB
Sample

240719-nwbxwssfjh
MD5

5bcddbaa0acbbb0878fc86aa98fbdc5d
SHA1

15cb73aa294a434beec7c5d739f7a81424a98cc5
SHA256

24d481c7fac417539b600d7336fb4793d7f43c047f59dfe0cf6b221474f20b10
SHA512

ebea4b9ee24d3ea76590342111d0fef06daa81755cb20765ac1ddfed7a52f59474fa675f1dda12037564a1e49246a9844b34cd51b7261543a7c6aeded408d271
SSDEEP

96:PFgCQwDv0234J3j4t0U22PYk0QAMvu4aB1SZODZaAKfdo2gepYq6NCtl:PmCQQ0m4ljr2QGvzaBOQhYdoopYq6sl

Score

7^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  5bcddbaa0acbbb0878fc86aa98fbdc5d_JaffaCakes118
- Size
  
  7KB
- MD5
  
  5bcddbaa0acbbb0878fc86aa98fbdc5d
- SHA1
  
  15cb73aa294a434beec7c5d739f7a81424a98cc5
- SHA256
  
  24d481c7fac417539b600d7336fb4793d7f43c047f59dfe0cf6b221474f20b10
- SHA512
  
  ebea4b9ee24d3ea76590342111d0fef06daa81755cb20765ac1ddfed7a52f59474fa675f1dda12037564a1e49246a9844b34cd51b7261543a7c6aeded408d271
- SSDEEP
  
  96:PFgCQwDv0234J3j4t0U22PYk0QAMvu4aB1SZODZaAKfdo2gepYq6NCtl:PmCQQ0m4ljr2QGvzaBOQhYdoopYq6sl
Score

7^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation