700c893f11e98afb98cfb6b2a52d1d80c64a16e1deeffe7cb79adb74f5cb65bc | Triage

Sharing

General

Target

edcf60e1c5a89123b9d3f9fe08beffd2_JaffaCakes118
Size

19KB
Sample

240920-r1rexssbpk
MD5

edcf60e1c5a89123b9d3f9fe08beffd2
SHA1

4a41d651f22d4254103a4b8692e36910844fd1cc
SHA256

700c893f11e98afb98cfb6b2a52d1d80c64a16e1deeffe7cb79adb74f5cb65bc
SHA512

d5306ec2403e26fdbf510185abd99f581fd824216d40073e6a9e467a2c24ac22ce7eb9f0581303c65fc1565c7d05549244090d8f520295fd98a2085b6b62c80e
SSDEEP

384:npdNjtU2O5db4yLMa/WdoJBNuVejUgKtZoeUrajI25NHzMAOve:npda1xSTIwgWQOI25NTMAOG

Score

10^/10

discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  edcf60e1c5a89123b9d3f9fe08beffd2_JaffaCakes118
- Size
  
  19KB
- MD5
  
  edcf60e1c5a89123b9d3f9fe08beffd2
- SHA1
  
  4a41d651f22d4254103a4b8692e36910844fd1cc
- SHA256
  
  700c893f11e98afb98cfb6b2a52d1d80c64a16e1deeffe7cb79adb74f5cb65bc
- SHA512
  
  d5306ec2403e26fdbf510185abd99f581fd824216d40073e6a9e467a2c24ac22ce7eb9f0581303c65fc1565c7d05549244090d8f520295fd98a2085b6b62c80e
- SSDEEP
  
  384:npdNjtU2O5db4yLMa/WdoJBNuVejUgKtZoeUrajI25NHzMAOve:npda1xSTIwgWQOI25NTMAOG
Score

10^/10

discovery evasion persistence privilege_escalation
- Modifies firewall policy service
  evasion
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

AppInit DLLs

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation