5bd2b621ae65adc56421aeca86e023e0399309467f3cb744647d76c0aa6ed263 | Triage

Sharing

General

Target

6746a46d8023849b2ee3bcb88bfbf05c_JaffaCakes118
Size

143KB
Sample

240723-mw12casflp
MD5

6746a46d8023849b2ee3bcb88bfbf05c
SHA1

0c63d0856fafb1e2ecfdae13f309cb34acf74e8c
SHA256

5bd2b621ae65adc56421aeca86e023e0399309467f3cb744647d76c0aa6ed263
SHA512

c6bf76062d81d84ff39677bf927b01d02f2de8597c359cafea263c353354c18ea4371771601f07d68524c0413074bdbabb1fd6a2e525cdd4e0042b6099d4fb02
SSDEEP

3072:ME5wSKjV1GPf3hvXnd6r7ddQNUgZUl3mypDZ8sYFW4kUXEnDQq:MPSK+XhPn8kGgZUl3my9wec

Score

8^/10

evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  6746a46d8023849b2ee3bcb88bfbf05c_JaffaCakes118
- Size
  
  143KB
- MD5
  
  6746a46d8023849b2ee3bcb88bfbf05c
- SHA1
  
  0c63d0856fafb1e2ecfdae13f309cb34acf74e8c
- SHA256
  
  5bd2b621ae65adc56421aeca86e023e0399309467f3cb744647d76c0aa6ed263
- SHA512
  
  c6bf76062d81d84ff39677bf927b01d02f2de8597c359cafea263c353354c18ea4371771601f07d68524c0413074bdbabb1fd6a2e525cdd4e0042b6099d4fb02
- SSDEEP
  
  3072:ME5wSKjV1GPf3hvXnd6r7ddQNUgZUl3mypDZ8sYFW4kUXEnDQq:MPSK+XhPn8kGgZUl3my9wec
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2