General

  • Target

    ba4e2862faf386dd996d0567f1c645a4_JaffaCakes118

  • Size

    36KB

  • Sample

    240823-er487sxbll

  • MD5

    ba4e2862faf386dd996d0567f1c645a4

  • SHA1

    adebf1977bd61650afb47f682d461bcc1271cc0a

  • SHA256

    a5eefa1d8c6a0bcbc9d2308bb69d88f64d79cec4e98c74fb1a0a356667486dab

  • SHA512

    1ec264c83c13892c9c93fcb04afeae038ebe72977c9581acecc3972c901936261081ba65c27e60d9c7b0f9ad455bab4fa28cf11f6084eca5e932d9d58221b132

  • SSDEEP

    768:2t8dldJN5LXcyXrCD1tDMByGqnXm3+AVWEvaLW:pdzcyXrC/GsnXiVWEvaLW

Malware Config

Targets

    • Target

      ba4e2862faf386dd996d0567f1c645a4_JaffaCakes118

    • Size

      36KB

    • MD5

      ba4e2862faf386dd996d0567f1c645a4

    • SHA1

      adebf1977bd61650afb47f682d461bcc1271cc0a

    • SHA256

      a5eefa1d8c6a0bcbc9d2308bb69d88f64d79cec4e98c74fb1a0a356667486dab

    • SHA512

      1ec264c83c13892c9c93fcb04afeae038ebe72977c9581acecc3972c901936261081ba65c27e60d9c7b0f9ad455bab4fa28cf11f6084eca5e932d9d58221b132

    • SSDEEP

      768:2t8dldJN5LXcyXrCD1tDMByGqnXm3+AVWEvaLW:pdzcyXrC/GsnXiVWEvaLW

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs (MITRE ATT&CK T1546.010). DLLs listed in the AppInit_DLLs registry value are loaded into every process that loads user32.dll, so a 36KB DLL registered there runs in nearly every interactive process on the host.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence (the sample decides whether to proceed based on the configured region rather than on network geolocation).
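
    An added example (not part of the sandbox report, and not the sample's own code) showing how a responder can audit the AppInit_DLLs mechanism from a registry snapshot: it flags a configured DLL as active or merely staged, notes when unsigned DLLs are allowed, and highlights DLL paths in user-writable directories. The registry snapshot, the DLL path C:\ProgramData\winhlp.dll and the Windows default values assumed for missing entries are all constructed for the example.

```python
import re

# Keys that govern AppInit DLL loading (64-bit view and 32-bit Wow6432Node view).
APPINIT_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)

# Path fragments of directories an ordinary user can write to; a DLL injected
# system-wide from one of these is a strong persistence indicator.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


def parse_appinit_dlls(raw):
    """Split an AppInit_DLLs value (space, comma or semicolon separated) into paths."""
    return [p for p in re.split(r"[ ,;]+", raw.strip()) if p]


def audit_appinit(snapshot):
    """Evaluate AppInit settings held in a registry snapshot.

    snapshot: {key_path: {value_name: value}}, as a forensic registry parser
    or post-processed `reg.exe export` output would yield.
    Missing values are treated as LoadAppInit_DLLs=0 and
    RequireSignedAppInit_DLLs=1; this is an assumption for the example, so
    confirm the defaults for the host's Windows version.
    Returns one finding dict per key that has a DLL configured.
    """
    findings = []
    for key in APPINIT_KEYS:
        vals = snapshot.get(key, {})
        dlls = parse_appinit_dlls(vals.get("AppInit_DLLs", ""))
        if not dlls:
            continue  # nothing configured under this key
        load_enabled = vals.get("LoadAppInit_DLLs", 0) == 1
        unsigned_allowed = vals.get("RequireSignedAppInit_DLLs", 1) == 0
        suspicious = [d for d in dlls
                      if any(tok in d.lower() for tok in USER_WRITABLE)]
        findings.append({
            "key": key,
            "dlls": dlls,
            # "active": DLLs are loaded now; "staged": listed but loading disabled
            "status": "active" if load_enabled else "staged",
            "unsigned_allowed": unsigned_allowed,
            "user_writable_paths": suspicious,
        })
    return findings


# Constructed snapshot for demonstration only (not data taken from the sample).
SAMPLE_SNAPSHOT = {
    APPINIT_KEYS[0]: {
        "AppInit_DLLs": r"C:\ProgramData\winhlp.dll",  # hypothetical path
        "LoadAppInit_DLLs": 1,
        "RequireSignedAppInit_DLLs": 0,
    },
    APPINIT_KEYS[1]: {
        "AppInit_DLLs": "",
        "LoadAppInit_DLLs": 0,
    },
}

if __name__ == "__main__":
    for finding in audit_appinit(SAMPLE_SNAPSHOT):
        print(finding)
```

    On a live host the same values can be pulled with `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs` (and the Wow6432Node path) and fed into the snapshot dict; remember that on Windows 8 and later with Secure Boot enabled the AppInit_DLLs mechanism is disabled regardless of these values, so a "staged" finding there is not loadable persistence.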

MITRE ATT&CK Enterprise v15

Tasks