3af949c2857186e1973ad61ed31265fbbbed37ac79ba8c7ca71d5fa7a6709ab7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da62934bf8f5afc94026e9cfc1c29980_JaffaCakes118
Size

93KB
Sample

240911-p3kzta1gnb
MD5

da62934bf8f5afc94026e9cfc1c29980
SHA1

ad25f34d58691ff5158c121c95fe69be706ab724
SHA256

3af949c2857186e1973ad61ed31265fbbbed37ac79ba8c7ca71d5fa7a6709ab7
SHA512

f5524a4432909420a0c57c79f90bf07ef5668ccda49769346a9388127e7ff5726d1ff1389279572b41b501fd389ff4a388b08d0d20c56332886e0abb9fc9924b
SSDEEP

768:WvsX6hh4bN+eHl5O5q6VbzpbCPGE9sbqHM2zmWCjEwQKRpdOtGkCbZU9qZU9:W8e4pH3O5q6ZzmGE+s5ajBQezkqp

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  da62934bf8f5afc94026e9cfc1c29980_JaffaCakes118
- Size
  
  93KB
- MD5
  
  da62934bf8f5afc94026e9cfc1c29980
- SHA1
  
  ad25f34d58691ff5158c121c95fe69be706ab724
- SHA256
  
  3af949c2857186e1973ad61ed31265fbbbed37ac79ba8c7ca71d5fa7a6709ab7
- SHA512
  
  f5524a4432909420a0c57c79f90bf07ef5668ccda49769346a9388127e7ff5726d1ff1389279572b41b501fd389ff4a388b08d0d20c56332886e0abb9fc9924b
- SSDEEP
  
  768:WvsX6hh4bN+eHl5O5q6VbzpbCPGE9sbqHM2zmWCjEwQKRpdOtGkCbZU9qZU9:W8e4pH3O5q6ZzmGE+s5ajBQezkqp
Score

7^/10

discovery persistence privilege_escalation
- Loads dropped DLL
- Boot or Logon Autostart Execution: Authentication Package
  Suspicious Windows Authentication Registry Modification.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Authentication Package

Privilege Escalation

Boot or Logon Autostart Execution

Authentication Package

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation