5ef7806090bd3d55e76a75ba9d1a0bc92a5a155c74cd3db508f37785fe495a59 | Triage

Sharing

General

Target

dea31c76aa955dd17897bb1196f4f9b4_JaffaCakes118
Size

88KB
Sample

240913-ws5pss1anr
MD5

dea31c76aa955dd17897bb1196f4f9b4
SHA1

89b12189600bb32d35ec36d73ab343b47ad0c488
SHA256

5ef7806090bd3d55e76a75ba9d1a0bc92a5a155c74cd3db508f37785fe495a59
SHA512

96719fa00d3d1946fe7dbdf6170f893cde925fcb55641b540c976c8dc7d8580fd9e2d6abc11940009c84393beca3242ba67c3b8a812ed06147cca38e14cdd065
SSDEEP

1536:7DxjA0dZ7M3YItUarkkoodxMKbvEEEEC7xZopSluTHT9KoTJlIU:7t/j7M3oCLZaBEC7oEkrhKoTJlIU

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  dea31c76aa955dd17897bb1196f4f9b4_JaffaCakes118
- Size
  
  88KB
- MD5
  
  dea31c76aa955dd17897bb1196f4f9b4
- SHA1
  
  89b12189600bb32d35ec36d73ab343b47ad0c488
- SHA256
  
  5ef7806090bd3d55e76a75ba9d1a0bc92a5a155c74cd3db508f37785fe495a59
- SHA512
  
  96719fa00d3d1946fe7dbdf6170f893cde925fcb55641b540c976c8dc7d8580fd9e2d6abc11940009c84393beca3242ba67c3b8a812ed06147cca38e14cdd065
- SSDEEP
  
  1536:7DxjA0dZ7M3YItUarkkoodxMKbvEEEEC7xZopSluTHT9KoTJlIU:7t/j7M3oCLZaBEC7oEkrhKoTJlIU
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation