b16b6d5a80cc32b3fce1b398fa4e2e5adf2439630f665befadee3ee4b9f90fe3 | Triage

Sharing

General

Target

77f6ed024893f9476d575cdb542d1dfe_JaffaCakes118
Size

278KB
Sample

240727-m5ejpswdnr
MD5

77f6ed024893f9476d575cdb542d1dfe
SHA1

2b2a7accd397f31be66d616007f1b25c1e6c5649
SHA256

b16b6d5a80cc32b3fce1b398fa4e2e5adf2439630f665befadee3ee4b9f90fe3
SHA512

a6d1994434169886f78379748a36797b40523ffbd7e196f9d677e9dcfdc985f3347b7402e544d9f5f615523543f9a921a180fa8b15fa9902c4c767d9e18a6ff5
SSDEEP

6144:9IJxXDdmC+IkVOje3reitQZVEMyzHIf9i6HSjcdCHuU:WfzdmCmzTtQZfyzoFhyjcdCp

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  77f6ed024893f9476d575cdb542d1dfe_JaffaCakes118
- Size
  
  278KB
- MD5
  
  77f6ed024893f9476d575cdb542d1dfe
- SHA1
  
  2b2a7accd397f31be66d616007f1b25c1e6c5649
- SHA256
  
  b16b6d5a80cc32b3fce1b398fa4e2e5adf2439630f665befadee3ee4b9f90fe3
- SHA512
  
  a6d1994434169886f78379748a36797b40523ffbd7e196f9d677e9dcfdc985f3347b7402e544d9f5f615523543f9a921a180fa8b15fa9902c4c767d9e18a6ff5
- SSDEEP
  
  6144:9IJxXDdmC+IkVOje3reitQZVEMyzHIf9i6HSjcdCHuU:WfzdmCmzTtQZfyzoFhyjcdCp
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppCert DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppCert DLLs

Privilege Escalation

Event Triggered Execution

AppCert DLLs

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation