2a1427f8a8f9867437da2654f6658eb04ff8b5df7cdd6e2c36ae1b61fe96b52f | Triage

Sharing

General

Target

efb7e87c957c568783b59968a97d0d5c_JaffaCakes118
Size

68KB
Sample

240921-nvwwns1bkp
MD5

efb7e87c957c568783b59968a97d0d5c
SHA1

19880f37a0dbd26acbf60bce5ccc53b78bae7265
SHA256

2a1427f8a8f9867437da2654f6658eb04ff8b5df7cdd6e2c36ae1b61fe96b52f
SHA512

8e52d3f86a409859f9e329eb05d9c9d311ff388375ad92eaeabdd7e1f815f919adabdb6178f3d5eacdd8ea04a4c86ed5c466ea2348d9ef76b0b4b63010c74175
SSDEEP

768:XW3bHxjXUYONCQ5a469OiTKXVKIvYZxbRwrMHmh+rtFUMm57aPNT9hYqCs/pjeTe:XWLHxmQl2QvZRI+rHnmGT9hx5pIk3x

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  efb7e87c957c568783b59968a97d0d5c_JaffaCakes118
- Size
  
  68KB
- MD5
  
  efb7e87c957c568783b59968a97d0d5c
- SHA1
  
  19880f37a0dbd26acbf60bce5ccc53b78bae7265
- SHA256
  
  2a1427f8a8f9867437da2654f6658eb04ff8b5df7cdd6e2c36ae1b61fe96b52f
- SHA512
  
  8e52d3f86a409859f9e329eb05d9c9d311ff388375ad92eaeabdd7e1f815f919adabdb6178f3d5eacdd8ea04a4c86ed5c466ea2348d9ef76b0b4b63010c74175
- SSDEEP
  
  768:XW3bHxjXUYONCQ5a469OiTKXVKIvYZxbRwrMHmh+rtFUMm57aPNT9hYqCs/pjeTe:XWLHxmQl2QvZRI+rHnmGT9hx5pIk3x
Score

7^/10

discovery persistence
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
  persistence
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Print Processors

Privilege Escalation

Boot or Logon Autostart Execution

Print Processors

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence