1157b5d0164c5691d4dbc801d2a9c296564c6a85fb97b6302d80f7020cfe7fd4 | Triage

Sharing

General

Target

f0935ffb21afac25935eda6da9e8ee4d_JaffaCakes118
Size

21KB
Sample

240921-zhebmssepf
MD5

f0935ffb21afac25935eda6da9e8ee4d
SHA1

e9fc363daf51085e1e6127fb43d557aaec93e9b4
SHA256

1157b5d0164c5691d4dbc801d2a9c296564c6a85fb97b6302d80f7020cfe7fd4
SHA512

64a00a04a456200ec8d8b901fc9f97581867a4960f60eeb6633338d62593f91c14f6cdacb4a1238926c92b4b027237286d7a9e87e917d16970a798494bee6271
SSDEEP

384:jOr5NKZ2qE4VpRE3aYr6W4A+EDmi95OBHxy45XAwEitTaj7w9sGzEdtYYOAF:qr5NmphxQ39YBHx5XAI967wzEdB3

Score

10^/10

discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  f0935ffb21afac25935eda6da9e8ee4d_JaffaCakes118
- Size
  
  21KB
- MD5
  
  f0935ffb21afac25935eda6da9e8ee4d
- SHA1
  
  e9fc363daf51085e1e6127fb43d557aaec93e9b4
- SHA256
  
  1157b5d0164c5691d4dbc801d2a9c296564c6a85fb97b6302d80f7020cfe7fd4
- SHA512
  
  64a00a04a456200ec8d8b901fc9f97581867a4960f60eeb6633338d62593f91c14f6cdacb4a1238926c92b4b027237286d7a9e87e917d16970a798494bee6271
- SSDEEP
  
  384:jOr5NKZ2qE4VpRE3aYr6W4A+EDmi95OBHxy45XAwEitTaj7w9sGzEdtYYOAF:qr5NmphxQ39YBHx5XAI967wzEdB3
Score

10^/10

discovery evasion persistence privilege_escalation
- Modifies firewall policy service
  evasion
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

AppInit DLLs

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation