173c730d8dd2fdb57c1dd4e13d438df3297126ab4498b1c0d89584a2988f0548 | Triage

Sharing

General

Target

dac11136f11b3658042c590b704a4767_JaffaCakes118
Size

104KB
Sample

240911-txfkcszgrp
MD5

dac11136f11b3658042c590b704a4767
SHA1

0792341d2810114f568ed21c76279a814174a39f
SHA256

173c730d8dd2fdb57c1dd4e13d438df3297126ab4498b1c0d89584a2988f0548
SHA512

1cdad4b3a970249cd97c54bb91bfa6a3e8f69711c84197c6e42b5c7fffd2e8022b481998a57d2f176daf6d92371065f57ffe15a9b076450411c6404a4ec5b293
SSDEEP

1536:FA4rOTlXWYpSf9QySL469t874y5N9rIoAGTGPZ:jOhdpoiL46PUb5NVIoAGTGPZ

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  dac11136f11b3658042c590b704a4767_JaffaCakes118
- Size
  
  104KB
- MD5
  
  dac11136f11b3658042c590b704a4767
- SHA1
  
  0792341d2810114f568ed21c76279a814174a39f
- SHA256
  
  173c730d8dd2fdb57c1dd4e13d438df3297126ab4498b1c0d89584a2988f0548
- SHA512
  
  1cdad4b3a970249cd97c54bb91bfa6a3e8f69711c84197c6e42b5c7fffd2e8022b481998a57d2f176daf6d92371065f57ffe15a9b076450411c6404a4ec5b293
- SSDEEP
  
  1536:FA4rOTlXWYpSf9QySL469t874y5N9rIoAGTGPZ:jOhdpoiL46PUb5NVIoAGTGPZ
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation