General
-
Target
d04af31a903bee3b84882edc05e3399f_JaffaCakes118
-
Size
40KB
-
Sample
240906-x3mseatepj
-
MD5
d04af31a903bee3b84882edc05e3399f
-
SHA1
23d59ac608d1ebbe6902cf081be1e46067713e3c
-
SHA256
5da8828eadc74138f6f8966823852c08de6742dcf3178b416c0e2744d1cfd258
-
SHA512
e4fdec329ffa917415d78be35bba7ff96f209abb16b53b338afbbee58ff6d8f14476c082606b8b2c81aaf8b5cf6d7863d6cab29d14266db77125d11a7ee5cecf
-
SSDEEP
768:bu3kR8HC/ZVodmUaaKJGm+CPE8q1p8swi8ax9W+J/WjoEt9vDx0m0OdXvO3jXvLI:C0Rb/TpAOGm7Xou08Ix/ZavDdDE3jXjI
Malware Config
Targets
-
-
Target
d04af31a903bee3b84882edc05e3399f_JaffaCakes118
-
Size
40KB
-
MD5
d04af31a903bee3b84882edc05e3399f
-
SHA1
23d59ac608d1ebbe6902cf081be1e46067713e3c
-
SHA256
5da8828eadc74138f6f8966823852c08de6742dcf3178b416c0e2744d1cfd258
-
SHA512
e4fdec329ffa917415d78be35bba7ff96f209abb16b53b338afbbee58ff6d8f14476c082606b8b2c81aaf8b5cf6d7863d6cab29d14266db77125d11a7ee5cecf
-
SSDEEP
768:bu3kR8HC/ZVodmUaaKJGm+CPE8q1p8swi8ax9W+J/WjoEt9vDx0m0OdXvO3jXvLI:C0Rb/TpAOGm7Xou08Ix/ZavDdDE3jXjI
Score10/10-
UAC bypass
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Deletes itself
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Event Triggered Execution
1AppInit DLLs
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
1File Deletion
1Modify Registry
2