19ca94ee219203a28677550f0cad4242ff7c59d745d8e70b3ee8c1ed1c258438 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c894def79ee29b7b9880f6fad9a8cd16_JaffaCakes118
Size

171KB
Sample

240829-lp71msvcre
MD5

c894def79ee29b7b9880f6fad9a8cd16
SHA1

d49f961e068dd508b7ee53d2da76b4b38a6089ef
SHA256

19ca94ee219203a28677550f0cad4242ff7c59d745d8e70b3ee8c1ed1c258438
SHA512

4827b4d59fd12fccb3f246b7f5802a9d63e8226fdd0645b047417549a7bc3acd0d031cdc555703556670e116ec45640ce282aec11320773a8667f2feb3bf3d7a
SSDEEP

3072:5zXNTt7nZGMBvjoxb1PrU3lN0lDJEIWghKFiGEraeuN29gAkKk:RNBwMpjoTroTGJYXFMrPi29

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c894def79ee29b7b9880f6fad9a8cd16_JaffaCakes118
- Size
  
  171KB
- MD5
  
  c894def79ee29b7b9880f6fad9a8cd16
- SHA1
  
  d49f961e068dd508b7ee53d2da76b4b38a6089ef
- SHA256
  
  19ca94ee219203a28677550f0cad4242ff7c59d745d8e70b3ee8c1ed1c258438
- SHA512
  
  4827b4d59fd12fccb3f246b7f5802a9d63e8226fdd0645b047417549a7bc3acd0d031cdc555703556670e116ec45640ce282aec11320773a8667f2feb3bf3d7a
- SSDEEP
  
  3072:5zXNTt7nZGMBvjoxb1PrU3lN0lDJEIWghKFiGEraeuN29gAkKk:RNBwMpjoTroTGJYXFMrPi29
Score

7^/10

persistence discovery
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Print Processors

Privilege Escalation

Boot or Logon Autostart Execution

Print Processors

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2