General
-
Target
ecdec207d42d3576b5c02563d08c106b_JaffaCakes118
-
Size
38KB
-
Sample
240920-ffk7mayhre
-
MD5
ecdec207d42d3576b5c02563d08c106b
-
SHA1
8f0e9cc51d7315bc7b65bb0b5b8042dac70b5042
-
SHA256
aa6f8416b5fba396fdc835a73a1a985aedd136d444edeaa49d54249fdc6c6aaf
-
SHA512
3efb7d60d85022f44b18bc580a7dcf02d81f2f2ff06b96bd392baa0a4c7d884935f603df1f59a5388d54a832d0d69156d209c4190bc876c47790554a35da4a79
-
SSDEEP
768:5A6cObHTNNT6iAdd+WttpaX8rPiwzImZIiWIEnYP4u7anY:53c4z7g/+0pb7iw0ibE64VY
Malware Config
Targets
-
-
Target
ecdec207d42d3576b5c02563d08c106b_JaffaCakes118
-
Size
38KB
-
MD5
ecdec207d42d3576b5c02563d08c106b
-
SHA1
8f0e9cc51d7315bc7b65bb0b5b8042dac70b5042
-
SHA256
aa6f8416b5fba396fdc835a73a1a985aedd136d444edeaa49d54249fdc6c6aaf
-
SHA512
3efb7d60d85022f44b18bc580a7dcf02d81f2f2ff06b96bd392baa0a4c7d884935f603df1f59a5388d54a832d0d69156d209c4190bc876c47790554a35da4a79
-
SSDEEP
768:5A6cObHTNNT6iAdd+WttpaX8rPiwzImZIiWIEnYP4u7anY:53c4z7g/+0pb7iw0ibE64VY
Score10/10-
UAC bypass
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Deletes itself
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Event Triggered Execution
1AppInit DLLs
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
1File Deletion
1Modify Registry
2