General
Target: ab551ebc28e4cbcdcb44b1175e14038b_JaffaCakes118
Size: 39KB
Sample: 240819-rgstmssarl
MD5: ab551ebc28e4cbcdcb44b1175e14038b
SHA1: 53b1ce48f2b0cf3c7028184676be7b21485bd45a
SHA256: 88efeca9b459be5d771417b2fa81626d19e7de3e47a11e4da58302d6c83dc327
SHA512: 803fe1186d22852d38551996f217b7cef78b4198e10481e6ef2fb64356e8a68f549a8104836809fba9c03f8fbe17c2704adf0456622abdd00ee83e57c97478b6
SSDEEP: 768:rSo3qCsSrPyHp3fYEVUZ2iNjjwswCX7viSVj/Kz4hnKV9zxdq:WLfQzZ2iNnwslX7LhnINd
Behavioral task: behavioral1
Sample: ab551ebc28e4cbcdcb44b1175e14038b_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: ab551ebc28e4cbcdcb44b1175e14038b_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: ab551ebc28e4cbcdcb44b1175e14038b_JaffaCakes118
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Event Triggered Execution (1)
  - AppInit DLLs (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (2)