0d04daf193c49266e2d2c8d916d06661fe2c91b6caaaacaa8f827a06dbdcec8f | Triage

Sharing

General

Target

ed2a3cb0fff8b1aeff6037987b312d74_JaffaCakes118
Size

22KB
Sample

240920-jyvqkawere
MD5

ed2a3cb0fff8b1aeff6037987b312d74
SHA1

358d2f9b9c0c8e3799b62b398329e0bb34be1c09
SHA256

0d04daf193c49266e2d2c8d916d06661fe2c91b6caaaacaa8f827a06dbdcec8f
SHA512

c98eabbbeff4eb981203ad57f917f96dd03c710acfd3f129a71bb57c9f6e7e9261f860f60813c18c9112220cbdfbad0b2e6cf4f4bae5da87fb1e7bf74e02ed53
SSDEEP

384:JPyZNjtU2m640dstxVdlfhByiLn1Bh5FBxn0/XjONGNzxstZEl:ByZ7N0ry25v2rW6xstI

Score

10^/10

discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  ed2a3cb0fff8b1aeff6037987b312d74_JaffaCakes118
- Size
  
  22KB
- MD5
  
  ed2a3cb0fff8b1aeff6037987b312d74
- SHA1
  
  358d2f9b9c0c8e3799b62b398329e0bb34be1c09
- SHA256
  
  0d04daf193c49266e2d2c8d916d06661fe2c91b6caaaacaa8f827a06dbdcec8f
- SHA512
  
  c98eabbbeff4eb981203ad57f917f96dd03c710acfd3f129a71bb57c9f6e7e9261f860f60813c18c9112220cbdfbad0b2e6cf4f4bae5da87fb1e7bf74e02ed53
- SSDEEP
  
  384:JPyZNjtU2m640dstxVdlfhByiLn1Bh5FBxn0/XjONGNzxstZEl:ByZ7N0ry25v2rW6xstI
Score

10^/10

discovery evasion persistence privilege_escalation
- Modifies firewall policy service
  evasion
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

AppInit DLLs

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation