8f0872bc0c6b4c5bff5071bb9371cd1b8708d5ee6f1ec258635ebc5e631a5c46 | Triage

Sharing

General

Target

769209838a423712a214cbeeff73772f_JaffaCakes118
Size

36KB
Sample

240727-bzjexsycml
MD5

769209838a423712a214cbeeff73772f
SHA1

e3555416952a4bec8cb0ad3791ff09ab3ead5a74
SHA256

8f0872bc0c6b4c5bff5071bb9371cd1b8708d5ee6f1ec258635ebc5e631a5c46
SHA512

17c94487d59b401c4f3e40a60286ee659e78c84adfb9763290605204a53f9a23146e828a371baf60109dbb8b8c67cac8918ae5f203c654625b9007bb2d61a19c
SSDEEP

768:SjgiGxy+iC146BDRK97J3+ZFWo2iU+DaLW:yMy+hQYFWuaLW

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  769209838a423712a214cbeeff73772f_JaffaCakes118
- Size
  
  36KB
- MD5
  
  769209838a423712a214cbeeff73772f
- SHA1
  
  e3555416952a4bec8cb0ad3791ff09ab3ead5a74
- SHA256
  
  8f0872bc0c6b4c5bff5071bb9371cd1b8708d5ee6f1ec258635ebc5e631a5c46
- SHA512
  
  17c94487d59b401c4f3e40a60286ee659e78c84adfb9763290605204a53f9a23146e828a371baf60109dbb8b8c67cac8918ae5f203c654625b9007bb2d61a19c
- SSDEEP
  
  768:SjgiGxy+iC146BDRK97J3+ZFWo2iU+DaLW:yMy+hQYFWuaLW
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation