af784122e09b3e62f729164105a64e96d5bc687eaeaad06b17597d085d3cfe70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6028d40abb4d88daef7aea1a5f0abc31_JaffaCakes118
Size

352KB
Sample

240720-mr79vssamd
MD5

6028d40abb4d88daef7aea1a5f0abc31
SHA1

45e8aaf58f285cefb18c58e51539e1201a8d0fa7
SHA256

af784122e09b3e62f729164105a64e96d5bc687eaeaad06b17597d085d3cfe70
SHA512

085544e42552e770e822960f0db2d6da517fe8030d48b1becc2c70be4099349b50b52c4b5694f846466e274ee6047d967603b804ae2dcde0857817a6ae18ed5c
SSDEEP

1536:WmwKcsNXICwlfYY4gzJOMwDIl5kFilMA4fjOkTTdqruZlVBxgCFjn5O:V9KCYX0MwDIpshTQu3nzxns

Score

7^/10

defense_evasion privilege_escalation

Malware Config

Targets

- Target
  
  6028d40abb4d88daef7aea1a5f0abc31_JaffaCakes118
- Size
  
  352KB
- MD5
  
  6028d40abb4d88daef7aea1a5f0abc31
- SHA1
  
  45e8aaf58f285cefb18c58e51539e1201a8d0fa7
- SHA256
  
  af784122e09b3e62f729164105a64e96d5bc687eaeaad06b17597d085d3cfe70
- SHA512
  
  085544e42552e770e822960f0db2d6da517fe8030d48b1becc2c70be4099349b50b52c4b5694f846466e274ee6047d967603b804ae2dcde0857817a6ae18ed5c
- SSDEEP
  
  1536:WmwKcsNXICwlfYY4gzJOMwDIl5kFilMA4fjOkTTdqruZlVBxgCFjn5O:V9KCYX0MwDIpshTQu3nzxns
Score

7^/10

defense_evasion privilege_escalation
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

Create Process with Token

Defense Evasion

Access Token Manipulation

Create Process with Token

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionprivilege_escalation

behavioral2

defense_evasionprivilege_escalation