5cafb5649529872755b684eae5a1b4554383c930cab49d8ea852c0aeae050733 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc0223623c8081b443e580ca46673673_JaffaCakes118
Size

21KB
Sample

240928-ljyj1s1dla
MD5

fc0223623c8081b443e580ca46673673
SHA1

77d0c5f6b9547a3726ee35e8b13b300f6ea45f02
SHA256

5cafb5649529872755b684eae5a1b4554383c930cab49d8ea852c0aeae050733
SHA512

9a8c43c4707752290d1cd292b9a757ecb648ad44b3d3f048b31efdc9f3a4082136754d8ebe73782c391220feaad93416ec9065f90588bec6580ee9ac5d5edb0e
SSDEEP

384:L62vDQ7VVbfUAb7UokTBFKcuCQRESJakamzu/+Yeiig1LPhCn2S4ZtXgCInb:m2+nbRbQokT6cuKSJBju/+Y9PrvWb

Score

8^/10

discovery persistence privilege_escalation vmprotect

Malware Config

Targets

- Target
  
  fc0223623c8081b443e580ca46673673_JaffaCakes118
- Size
  
  21KB
- MD5
  
  fc0223623c8081b443e580ca46673673
- SHA1
  
  77d0c5f6b9547a3726ee35e8b13b300f6ea45f02
- SHA256
  
  5cafb5649529872755b684eae5a1b4554383c930cab49d8ea852c0aeae050733
- SHA512
  
  9a8c43c4707752290d1cd292b9a757ecb648ad44b3d3f048b31efdc9f3a4082136754d8ebe73782c391220feaad93416ec9065f90588bec6580ee9ac5d5edb0e
- SSDEEP
  
  384:L62vDQ7VVbfUAb7UokTBFKcuCQRESJakamzu/+Yeiig1LPhCn2S4ZtXgCInb:m2+nbRbQokT6cuKSJBju/+Y9PrvWb
Score

8^/10

discovery persistence privilege_escalation vmprotect
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

AppInit DLLs

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalationvmprotect

behavioral2

discoverypersistenceprivilege_escalation