General
-
Target
ed2b0b7ce80f2bb96287375bdbbb94be_JaffaCakes118
-
Size
31KB
-
Sample
240920-jz5bdsxaqm
-
MD5
ed2b0b7ce80f2bb96287375bdbbb94be
-
SHA1
3f12f4ee68850366cc304286d2df6e4cfcc0579c
-
SHA256
25268c705039aa0e6244cc144887b54ff76e1fafabd2bcf32e9d9f4f2611ee8f
-
SHA512
8ee765e07c800b600b80db95bab2d827d8266de5e6ddd429f79bfea586bd9aa9848af05d70dee09f616e0c60878ebb98d2648f14d0c0a7e8d327ef6423b8ddec
-
SSDEEP
768:ZzKPF9N7wNFHTM5IuWABIpcg8NgoLhn0a/nbcuyD7UoNWGb:JKPDN7sFzyZWAg8NgWR/nouy84t
Malware Config
Targets
-
-
Target
ed2b0b7ce80f2bb96287375bdbbb94be_JaffaCakes118
-
Size
31KB
-
MD5
ed2b0b7ce80f2bb96287375bdbbb94be
-
SHA1
3f12f4ee68850366cc304286d2df6e4cfcc0579c
-
SHA256
25268c705039aa0e6244cc144887b54ff76e1fafabd2bcf32e9d9f4f2611ee8f
-
SHA512
8ee765e07c800b600b80db95bab2d827d8266de5e6ddd429f79bfea586bd9aa9848af05d70dee09f616e0c60878ebb98d2648f14d0c0a7e8d327ef6423b8ddec
-
SSDEEP
768:ZzKPF9N7wNFHTM5IuWABIpcg8NgoLhn0a/nbcuyD7UoNWGb:JKPDN7sFzyZWAg8NgWR/nouy84t
Score10/10-
UAC bypass
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3