19c15f88fa409699b87de41b04c6a3a9a556de325d036b0ab6de057eeade63fe | Triage

Sharing

General

Target

dda72a17fdb55cee841e6135c3d51fdf_JaffaCakes118
Size

20.4MB
Sample

240913-etzfqstemk
MD5

dda72a17fdb55cee841e6135c3d51fdf
SHA1

4bd814507d3a5e7c52d7cbd834d8363c9842e0a3
SHA256

19c15f88fa409699b87de41b04c6a3a9a556de325d036b0ab6de057eeade63fe
SHA512

b759fc69e525a71df3289bf145b0e6cf3ec92bba06dce9ad3039a620b2215a55f2df9d4388e7e15fc09604aae75f6c794d88f386d4e13982641fd6341e8264bc
SSDEEP

393216:Twr4tWytbkKBk/LsiPSZg1uGz1GLuTXfMJa0H0hq/e1Egrex7pfxPD8J:0r4tWyss5S8C1YuTvMJazye1p0dxo

Score

6^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  dda72a17fdb55cee841e6135c3d51fdf_JaffaCakes118
- Size
  
  20.4MB
- MD5
  
  dda72a17fdb55cee841e6135c3d51fdf
- SHA1
  
  4bd814507d3a5e7c52d7cbd834d8363c9842e0a3
- SHA256
  
  19c15f88fa409699b87de41b04c6a3a9a556de325d036b0ab6de057eeade63fe
- SHA512
  
  b759fc69e525a71df3289bf145b0e6cf3ec92bba06dce9ad3039a620b2215a55f2df9d4388e7e15fc09604aae75f6c794d88f386d4e13982641fd6341e8264bc
- SSDEEP
  
  393216:Twr4tWytbkKBk/LsiPSZg1uGz1GLuTXfMJa0H0hq/e1Egrex7pfxPD8J:0r4tWyss5S8C1YuTvMJazye1p0dxo
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation