ea0c5fe5eb6f6c850a9f8364c5f9cb174c93ba9b3ee446d36a99a2a3ea1fff02 | Triage

Sharing

General

Target

05ec50d5b797ebadc39b80f1ba5b5c30_JaffaCakes118
Size

329KB
Sample

241001-qa7hsavcng
MD5

05ec50d5b797ebadc39b80f1ba5b5c30
SHA1

15017bc249b7ce9757c5629272d3c1548c290777
SHA256

ea0c5fe5eb6f6c850a9f8364c5f9cb174c93ba9b3ee446d36a99a2a3ea1fff02
SHA512

95f280e3267daad1cbab64eef4cb556326bb32865dc06f8bed69461d5e4b35e1bf96ae440779fbb8e668befe9014fba591de3d832230b4ded89a08e5b43920f3
SSDEEP

6144:siMF/X479SEAanPSIv0FB5iSbGqJQjdSHV:sI79SE1lMFmS+dYV

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  05ec50d5b797ebadc39b80f1ba5b5c30_JaffaCakes118
- Size
  
  329KB
- MD5
  
  05ec50d5b797ebadc39b80f1ba5b5c30
- SHA1
  
  15017bc249b7ce9757c5629272d3c1548c290777
- SHA256
  
  ea0c5fe5eb6f6c850a9f8364c5f9cb174c93ba9b3ee446d36a99a2a3ea1fff02
- SHA512
  
  95f280e3267daad1cbab64eef4cb556326bb32865dc06f8bed69461d5e4b35e1bf96ae440779fbb8e668befe9014fba591de3d832230b4ded89a08e5b43920f3
- SSDEEP
  
  6144:siMF/X479SEAanPSIv0FB5iSbGqJQjdSHV:sI79SE1lMFmS+dYV
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation