88e8caeca49f679db10176c1607d028bc14d16ab155f331c6e027886cd4073a3 | Triage

Sharing

General

Target

749925090b8b1b5a2394928220819808_JaffaCakes118
Size

18KB
Sample

240726-sqdxhswbjp
MD5

749925090b8b1b5a2394928220819808
SHA1

5da7d261bb7083f1469f48fb27fb063c9520c1cf
SHA256

88e8caeca49f679db10176c1607d028bc14d16ab155f331c6e027886cd4073a3
SHA512

0fde0e85bf16f275e577d8a7481eb5e7d312f8d036b9f1c77a01a76192cddf45466d5eaf4852c30da43e20dd49f8d9987ab9242325fe4726722c7a07374f7550
SSDEEP

384:FFpjLPIEOfIbzFDRbrQRIj5NMxkE+UIsZe:FFpwEOgFDRbgmTsBo

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  749925090b8b1b5a2394928220819808_JaffaCakes118
- Size
  
  18KB
- MD5
  
  749925090b8b1b5a2394928220819808
- SHA1
  
  5da7d261bb7083f1469f48fb27fb063c9520c1cf
- SHA256
  
  88e8caeca49f679db10176c1607d028bc14d16ab155f331c6e027886cd4073a3
- SHA512
  
  0fde0e85bf16f275e577d8a7481eb5e7d312f8d036b9f1c77a01a76192cddf45466d5eaf4852c30da43e20dd49f8d9987ab9242325fe4726722c7a07374f7550
- SSDEEP
  
  384:FFpjLPIEOfIbzFDRbrQRIj5NMxkE+UIsZe:FFpwEOgFDRbgmTsBo
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2