44fe632fd2fab909dfaab3db56d6fdb44a298290f100a7623ab1507db1c2978f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5b0ae51ce5993d20124ea1abf9eb87e_JaffaCakes118
Size

93KB
Sample

240909-fmt34ssgjj
MD5

d5b0ae51ce5993d20124ea1abf9eb87e
SHA1

9e94e316a464e4da7279ec1df25c92694aabc92d
SHA256

44fe632fd2fab909dfaab3db56d6fdb44a298290f100a7623ab1507db1c2978f
SHA512

b0822a0d66b0d1a0065a158cc95a95e4357c70015f31a6fe4d060b039529e14f599a17b6f9e82d2a105c4de0a448c9374b597f9c03186ffe499cf7af98f4eef7
SSDEEP

768:EwRZi4xvBg0i1IQSmecGEyB69bahHPmFr/UiLIO95WrQPUaJvDGdVmkX8ZU9qZU9:JRZF51lTrpQLIxrUDGzNX8p

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  d5b0ae51ce5993d20124ea1abf9eb87e_JaffaCakes118
- Size
  
  93KB
- MD5
  
  d5b0ae51ce5993d20124ea1abf9eb87e
- SHA1
  
  9e94e316a464e4da7279ec1df25c92694aabc92d
- SHA256
  
  44fe632fd2fab909dfaab3db56d6fdb44a298290f100a7623ab1507db1c2978f
- SHA512
  
  b0822a0d66b0d1a0065a158cc95a95e4357c70015f31a6fe4d060b039529e14f599a17b6f9e82d2a105c4de0a448c9374b597f9c03186ffe499cf7af98f4eef7
- SSDEEP
  
  768:EwRZi4xvBg0i1IQSmecGEyB69bahHPmFr/UiLIO95WrQPUaJvDGdVmkX8ZU9qZU9:JRZF51lTrpQLIxrUDGzNX8p
Score

7^/10

discovery persistence privilege_escalation
- Loads dropped DLL
- Boot or Logon Autostart Execution: Authentication Package
  Suspicious Windows Authentication Registry Modification.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Authentication Package

Privilege Escalation

Boot or Logon Autostart Execution

Authentication Package

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation