b49ccfe2ad839e45226ac54e973959f59c8a231cc896853ce69ab1bcb58b4e4c | Triage

Sharing

General

Target

b332d89800caa9d70880c0f8ec09e97e_JaffaCakes118
Size

100KB
Sample

240821-m23gcsybrk
MD5

b332d89800caa9d70880c0f8ec09e97e
SHA1

1249fe6966e8a5456017045a70ef20977efcc13d
SHA256

b49ccfe2ad839e45226ac54e973959f59c8a231cc896853ce69ab1bcb58b4e4c
SHA512

c55426c54a6402a202986d93f92657905310b33fa67d6830c8ff8757983828b91e3b09639505a08ad9c79bd277c033617875c2e0706220c0a8333b428b1b6a7b
SSDEEP

1536:fRYlA3/PglGdFkTwXK85xViX3bDxewOMSAyHs2sUeewEMzdrydjS9oNeO:al3Ki0Z7YXkrnvTzwZzdm+9oNP

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  b332d89800caa9d70880c0f8ec09e97e_JaffaCakes118
- Size
  
  100KB
- MD5
  
  b332d89800caa9d70880c0f8ec09e97e
- SHA1
  
  1249fe6966e8a5456017045a70ef20977efcc13d
- SHA256
  
  b49ccfe2ad839e45226ac54e973959f59c8a231cc896853ce69ab1bcb58b4e4c
- SHA512
  
  c55426c54a6402a202986d93f92657905310b33fa67d6830c8ff8757983828b91e3b09639505a08ad9c79bd277c033617875c2e0706220c0a8333b428b1b6a7b
- SSDEEP
  
  1536:fRYlA3/PglGdFkTwXK85xViX3bDxewOMSAyHs2sUeewEMzdrydjS9oNeO:al3Ki0Z7YXkrnvTzwZzdm+9oNP
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation