8dcc5cd84b9a378b893cbefdb31156d060d2a14485d001652f99b26c30fcff7d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a262d7f4a51bf06d64692f50ed5fd3b0_JaffaCakes118
Size

93KB
Sample

240817-nsfrnstcka
MD5

a262d7f4a51bf06d64692f50ed5fd3b0
SHA1

743d283cac183231aa1cf7df1f96c741a17d5120
SHA256

8dcc5cd84b9a378b893cbefdb31156d060d2a14485d001652f99b26c30fcff7d
SHA512

3a714a3d6499b93f350501556714948a6658650736a3de92c82e3e3d1641481f650a444ad553e677ccc38948bb40039a844a9d0791ac5508ae1436a34f8b69d1
SSDEEP

1536:DG8xYdykBMatQNgyk9IEBlnBO/N7hV8vZRTp:DG82sOtQNg9HzQ/N7XIp

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  a262d7f4a51bf06d64692f50ed5fd3b0_JaffaCakes118
- Size
  
  93KB
- MD5
  
  a262d7f4a51bf06d64692f50ed5fd3b0
- SHA1
  
  743d283cac183231aa1cf7df1f96c741a17d5120
- SHA256
  
  8dcc5cd84b9a378b893cbefdb31156d060d2a14485d001652f99b26c30fcff7d
- SHA512
  
  3a714a3d6499b93f350501556714948a6658650736a3de92c82e3e3d1641481f650a444ad553e677ccc38948bb40039a844a9d0791ac5508ae1436a34f8b69d1
- SSDEEP
  
  1536:DG8xYdykBMatQNgyk9IEBlnBO/N7hV8vZRTp:DG82sOtQNg9HzQ/N7XIp
Score

7^/10

discovery persistence privilege_escalation
- Loads dropped DLL
- Boot or Logon Autostart Execution: Authentication Package
  Suspicious Windows Authentication Registry Modification.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Authentication Package

Privilege Escalation

Boot or Logon Autostart Execution

Authentication Package

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation