General
Target
ee78074854e6ed49449a0e8982f24055_JaffaCakes118
Size
244KB
Sample
240920-1gl6jazbql
MD5
ee78074854e6ed49449a0e8982f24055
SHA1
b068b32e565e216612633579b545eb2c18d9e4eb
SHA256
a6257bbaa87a0c79f38a3560a3b61bb1f05ceb99fd0163ca093980aea3ac5b56
SHA512
de8c02b62763b34964cdbc8f486d08e28e050cf4e4bee2007ed2bea95c761a90e3093be9fb100f11358c4650adb1b23473e26a52ad36c1d6afe5b8f676f958ef
SSDEEP
3072:ZHg4j9dVZzs4/OGzkGIPfw0dqsiilyJ2SpwC4BBrs0NhB5Eq6EEXybUPZtsQZ6Si:ZHlfQNGdKtiiS2SErJ5MyCsMoTMho
Static task
static1
Behavioral task
behavioral1
Sample
ee78074854e6ed49449a0e8982f24055_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
Target
ee78074854e6ed49449a0e8982f24055_JaffaCakes118
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)
  Modify Registry (4)