General

  • Target

    0181c95d96bae22e9947ee2f42439361_JaffaCakes118

  • Size

    19KB

  • Sample

    240930-qfpj6axbnn

  • MD5

    0181c95d96bae22e9947ee2f42439361

  • SHA1

    cb20411c0761fed5c27a034c46b22f2fcbf76acb

  • SHA256

    5a2af5ce6274774f9398d044d8267ebd7835f145cdbd1fece14d6e557e4300fb

  • SHA512

    9bad50991b673f104603f30c738b577dadc4eafbc5efa4be3792bfa7d72915bd994ae3e9987cad00f1fca1845f858d36bb46bd463a45181ba17f3590dc84f3ee

  • SSDEEP

    384:tPDMqsrJ0aFwsfy78v0lALcXVj+krat1AJd6fmlUDb4WUUzsUeHFlHWY:trMlSyNxcEAVK51ids4WUUxe72Y

Malware Config

Targets

    • Drops file in Drivers directory

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks