b796fc8560e9892d31613561c7e3dbdfa6a73dcfbf20b2f8709a59b1c23ef127 | Triage

Sharing

General

Target

ef832feca55485c9f70a73658882e650_JaffaCakes118
Size

112KB
Sample

240921-lkyleavhlg
MD5

ef832feca55485c9f70a73658882e650
SHA1

cdc5e27b51bee2482bec539957efbe4417c732ac
SHA256

b796fc8560e9892d31613561c7e3dbdfa6a73dcfbf20b2f8709a59b1c23ef127
SHA512

88b6d50b4c827c76eab52ed84533fbbddac46f7c11f7182d4bfd055569379f2c29756532acdece8db467e61fcb60877d99c412eb85014588f962a7d7cbd0a233
SSDEEP

1536:fmOqwfzJycHbkbRwE/My3lU1m0IVOCseShNFHnbjlTFDvQU7Rbm2ZEvEZUCsoRic:fmNwccHbawaVHvS5nkU7RT8QsoD

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  ef832feca55485c9f70a73658882e650_JaffaCakes118
- Size
  
  112KB
- MD5
  
  ef832feca55485c9f70a73658882e650
- SHA1
  
  cdc5e27b51bee2482bec539957efbe4417c732ac
- SHA256
  
  b796fc8560e9892d31613561c7e3dbdfa6a73dcfbf20b2f8709a59b1c23ef127
- SHA512
  
  88b6d50b4c827c76eab52ed84533fbbddac46f7c11f7182d4bfd055569379f2c29756532acdece8db467e61fcb60877d99c412eb85014588f962a7d7cbd0a233
- SSDEEP
  
  1536:fmOqwfzJycHbkbRwE/My3lU1m0IVOCseShNFHnbjlTFDvQU7Rbm2ZEvEZUCsoRic:fmNwccHbawaVHvS5nkU7RT8QsoD
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation