79c5fa5753fdfb703954131570720b8b7e1d49e8bc3b0c8eb16cc7ba6cbab478 | Triage

Sharing

General

Target

e1f6ffa61eed0e67aa772cb5c2941a85_JaffaCakes118
Size

44KB
Sample

240915-h4266a1hqd
MD5

e1f6ffa61eed0e67aa772cb5c2941a85
SHA1

572ee1a01e057a2a412f5dc16712e12f2a349374
SHA256

79c5fa5753fdfb703954131570720b8b7e1d49e8bc3b0c8eb16cc7ba6cbab478
SHA512

e7d41585e3b7b7785135e381ee737e0e6ffbf4e356e2f7063df9d92f70e3c08c7dc8db62478098c93628f47314f4ad680ab1c485140478258f10e3a1b0651ebc
SSDEEP

384:64gflvGtX415aW8n7zI2HiTwM/XX4qSpct5QYr:6VGtXe51koTwM/Xkat5QY

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  e1f6ffa61eed0e67aa772cb5c2941a85_JaffaCakes118
- Size
  
  44KB
- MD5
  
  e1f6ffa61eed0e67aa772cb5c2941a85
- SHA1
  
  572ee1a01e057a2a412f5dc16712e12f2a349374
- SHA256
  
  79c5fa5753fdfb703954131570720b8b7e1d49e8bc3b0c8eb16cc7ba6cbab478
- SHA512
  
  e7d41585e3b7b7785135e381ee737e0e6ffbf4e356e2f7063df9d92f70e3c08c7dc8db62478098c93628f47314f4ad680ab1c485140478258f10e3a1b0651ebc
- SSDEEP
  
  384:64gflvGtX415aW8n7zI2HiTwM/XX4qSpct5QYr:6VGtXe51koTwM/Xkat5QY
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation