3578e7241eb0dd0e7034effb3a0cd8499e3d878877b66a42659fe9eb3ffb02b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d473b0ed61e4ace50ee9b59d73e02360_JaffaCakes118
Size

56KB
Sample

240908-qkaa2axhmm
MD5

d473b0ed61e4ace50ee9b59d73e02360
SHA1

c00d0a68ffc64413e683a39192a310a13acb3eb4
SHA256

3578e7241eb0dd0e7034effb3a0cd8499e3d878877b66a42659fe9eb3ffb02b6
SHA512

e9b75880f0047ac08bde772ecf796ad4db165d550c863f8b75829c65df694ba815c24d3a3da69789f4df37cc3622c6f3969204ccf6cc08d4669fa06db38b95bc
SSDEEP

1536:D1pXXG1gJ7xQeE+Uehpk39XdsSEH+nmwm:DjnG1gJ7xQ+hpktX

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  d473b0ed61e4ace50ee9b59d73e02360_JaffaCakes118
- Size
  
  56KB
- MD5
  
  d473b0ed61e4ace50ee9b59d73e02360
- SHA1
  
  c00d0a68ffc64413e683a39192a310a13acb3eb4
- SHA256
  
  3578e7241eb0dd0e7034effb3a0cd8499e3d878877b66a42659fe9eb3ffb02b6
- SHA512
  
  e9b75880f0047ac08bde772ecf796ad4db165d550c863f8b75829c65df694ba815c24d3a3da69789f4df37cc3622c6f3969204ccf6cc08d4669fa06db38b95bc
- SSDEEP
  
  1536:D1pXXG1gJ7xQeE+Uehpk39XdsSEH+nmwm:DjnG1gJ7xQ+hpktX
Score

7^/10

persistence discovery
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Print Processors

Privilege Escalation

Boot or Logon Autostart Execution

Print Processors

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2