63aa0b76188e252c468fda0a680348cb7fb8e46ab593f8b5f566e6baa191f530 | Triage

Sharing

General

Target

eaafc2317a215bbabdfa01fdc1e6cb2c_JaffaCakes118
Size

115KB
Sample

240919-gcbz8atdpq
MD5

eaafc2317a215bbabdfa01fdc1e6cb2c
SHA1

10feff2ec25d009149322ed9ca5c6b7a18bb8434
SHA256

63aa0b76188e252c468fda0a680348cb7fb8e46ab593f8b5f566e6baa191f530
SHA512

ac1ff1642e58a487d33a0dd83b0fc0c7b25f7199ca3243f71abd68e81443ac8fae6949d58049872bee283856b6f0c82d6d103d509ff7a35d7528694280d40c6c
SSDEEP

3072:/GaK4XabO7xlI8r9iJw7AzAAn/6asu1TUybroaUKZt:xpCzAiAu14yfoFKZ

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  eaafc2317a215bbabdfa01fdc1e6cb2c_JaffaCakes118
- Size
  
  115KB
- MD5
  
  eaafc2317a215bbabdfa01fdc1e6cb2c
- SHA1
  
  10feff2ec25d009149322ed9ca5c6b7a18bb8434
- SHA256
  
  63aa0b76188e252c468fda0a680348cb7fb8e46ab593f8b5f566e6baa191f530
- SHA512
  
  ac1ff1642e58a487d33a0dd83b0fc0c7b25f7199ca3243f71abd68e81443ac8fae6949d58049872bee283856b6f0c82d6d103d509ff7a35d7528694280d40c6c
- SSDEEP
  
  3072:/GaK4XabO7xlI8r9iJw7AzAAn/6asu1TUybroaUKZt:xpCzAiAu14yfoFKZ
Score

7^/10

discovery persistence
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
  persistence
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Print Processors

Privilege Escalation

Boot or Logon Autostart Execution

Print Processors

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence