af88f6d760aadb2386f20cc906940eadcd7f48df3ad444cd78e1ae6aa77ef1a5 | Triage

Sharing

General

Target

affad6a6c657608f7ac958e38bcecc02_JaffaCakes118
Size

261KB
Sample

240820-t2a6fascmf
MD5

affad6a6c657608f7ac958e38bcecc02
SHA1

2d078abf6c184ad210d4a65028c81169082764aa
SHA256

af88f6d760aadb2386f20cc906940eadcd7f48df3ad444cd78e1ae6aa77ef1a5
SHA512

9e21ca5b297cbbb324a472bc9f92d6165344261faafceb2e6bec573a045a03d8f8b44019ad328dc5cb031a762417aa716fdd644ad779d652eae236b1d6f428bd
SSDEEP

3072:DkHJ32fINj+uSLiZWzANhiR3rpIdcEW6BExUm9EKUc/wdN6krLz1Xxek9Ao32niG:DPfWiFiZziR3r/EUU4EhzrLBXxzAo4p

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  affad6a6c657608f7ac958e38bcecc02_JaffaCakes118
- Size
  
  261KB
- MD5
  
  affad6a6c657608f7ac958e38bcecc02
- SHA1
  
  2d078abf6c184ad210d4a65028c81169082764aa
- SHA256
  
  af88f6d760aadb2386f20cc906940eadcd7f48df3ad444cd78e1ae6aa77ef1a5
- SHA512
  
  9e21ca5b297cbbb324a472bc9f92d6165344261faafceb2e6bec573a045a03d8f8b44019ad328dc5cb031a762417aa716fdd644ad779d652eae236b1d6f428bd
- SSDEEP
  
  3072:DkHJ32fINj+uSLiZWzANhiR3rpIdcEW6BExUm9EKUc/wdN6krLz1Xxek9Ao32niG:DPfWiFiZziR3r/EUU4EhzrLBXxzAo4p
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppCert DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppCert DLLs

Privilege Escalation

Event Triggered Execution

AppCert DLLs

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation