d4be547bce4c819e5334759dad1e4e07878c5ca7c96b797ad1de3fb111322fc2 | Triage

Sharing

General

Target

04316d68b8e1e229bb2c62d213f4d6d7_JaffaCakes118
Size

196KB
Sample

240728-a9lglaybql
MD5

04316d68b8e1e229bb2c62d213f4d6d7
SHA1

2dbfc87428c59e500673a5216c501baba230add4
SHA256

d4be547bce4c819e5334759dad1e4e07878c5ca7c96b797ad1de3fb111322fc2
SHA512

f35dc74f82a3caa48222335d34f9084d648d0f9dbe6a7e07f7265f6f2a86c30f9b0003264536a1dfe13f7b4f3bcb769bd295d9947843f633034220cf7b9fae1b
SSDEEP

3072:83qUZ0Cj9ZMFG3HEfKe1SOPAGq7leTWpF3KVC8cZsvo7AD/eNbMiKkOXjlHlLxOz:hSwyMTWHKVEtA5HkKjlFcqAPe

Score

7^/10

defense_evasion discovery privilege_escalation

Malware Config

Targets

- Target
  
  04316d68b8e1e229bb2c62d213f4d6d7_JaffaCakes118
- Size
  
  196KB
- MD5
  
  04316d68b8e1e229bb2c62d213f4d6d7
- SHA1
  
  2dbfc87428c59e500673a5216c501baba230add4
- SHA256
  
  d4be547bce4c819e5334759dad1e4e07878c5ca7c96b797ad1de3fb111322fc2
- SHA512
  
  f35dc74f82a3caa48222335d34f9084d648d0f9dbe6a7e07f7265f6f2a86c30f9b0003264536a1dfe13f7b4f3bcb769bd295d9947843f633034220cf7b9fae1b
- SSDEEP
  
  3072:83qUZ0Cj9ZMFG3HEfKe1SOPAGq7leTWpF3KVC8cZsvo7AD/eNbMiKkOXjlHlLxOz:hSwyMTWHKVEtA5HkKjlFcqAPe
Score

7^/10

defense_evasion discovery privilege_escalation
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

Create Process with Token

Defense Evasion

Access Token Manipulation

Create Process with Token

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryprivilege_escalation

behavioral2

defense_evasiondiscoveryprivilege_escalation