General
-
Target
da86c3fa5a9663ef22ef980e69acaee7_JaffaCakes118
-
Size
41KB
-
Sample
240911-rk9assvdlp
-
MD5
da86c3fa5a9663ef22ef980e69acaee7
-
SHA1
0ab31ebc91b86560a8395c6ec66c2fe367cea2ca
-
SHA256
8791fff25aa0a1c051bdbca88002b87232008ab7b22ff62d94074164fa9c33ce
-
SHA512
372f1b9c9520278054adeb56980c09938590bebce53787aaa12c57d18c5a631ee2dd3694449b9a8724b9eee5648c2bb70904e423b1a0a43f6aa25e12312ee0b1
-
SSDEEP
768:2y7xkXh1eQ04N8ehyOdGlg6MQ1WXHv1/tjPi4yMS+EkmCU5E2FeEC0jh:bxRd4N8ehDN6MQ1KN/A4y7HaiEy+Eh
Malware Config
Targets
-
-
Target
da86c3fa5a9663ef22ef980e69acaee7_JaffaCakes118
-
Size
41KB
-
MD5
da86c3fa5a9663ef22ef980e69acaee7
-
SHA1
0ab31ebc91b86560a8395c6ec66c2fe367cea2ca
-
SHA256
8791fff25aa0a1c051bdbca88002b87232008ab7b22ff62d94074164fa9c33ce
-
SHA512
372f1b9c9520278054adeb56980c09938590bebce53787aaa12c57d18c5a631ee2dd3694449b9a8724b9eee5648c2bb70904e423b1a0a43f6aa25e12312ee0b1
-
SSDEEP
768:2y7xkXh1eQ04N8ehyOdGlg6MQ1WXHv1/tjPi4yMS+EkmCU5E2FeEC0jh:bxRd4N8ehDN6MQ1KN/A4y7HaiEy+Eh
Score10/10-
UAC bypass
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Deletes itself
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Event Triggered Execution
1AppInit DLLs
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
1File Deletion
1Modify Registry
2