a40038840c6251eb501eb92b118f53d28e8716a9730347a146bfc43b34ae2cea | Triage

Sharing

General

Target

ea9ae05bc9067971fcbcdb8d0e20597d_JaffaCakes118
Size

100KB
Sample

240919-fbb36a1flg
MD5

ea9ae05bc9067971fcbcdb8d0e20597d
SHA1

e05801b445802f543e07264c079fd0178aad9612
SHA256

a40038840c6251eb501eb92b118f53d28e8716a9730347a146bfc43b34ae2cea
SHA512

7f8436a8fc8d6f06744fe56005bb18c5009325899bad3ce4d9736f488b65b38edeb7c86b926f93018e998fac4615a4a5fc8194ac122130357e291e49d88db937
SSDEEP

1536:M0rbsvnYYVpMVBKTPJOzE/wEGrvSKKX4zgFL1joQ8qte:M8+nYgyQJOzEIE6SKXgF5joqt

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  ea9ae05bc9067971fcbcdb8d0e20597d_JaffaCakes118
- Size
  
  100KB
- MD5
  
  ea9ae05bc9067971fcbcdb8d0e20597d
- SHA1
  
  e05801b445802f543e07264c079fd0178aad9612
- SHA256
  
  a40038840c6251eb501eb92b118f53d28e8716a9730347a146bfc43b34ae2cea
- SHA512
  
  7f8436a8fc8d6f06744fe56005bb18c5009325899bad3ce4d9736f488b65b38edeb7c86b926f93018e998fac4615a4a5fc8194ac122130357e291e49d88db937
- SSDEEP
  
  1536:M0rbsvnYYVpMVBKTPJOzE/wEGrvSKKX4zgFL1joQ8qte:M8+nYgyQJOzEIE6SKXgF5joqt
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation