eda02edb131b5d7696de3f569972f3b77798d0c6c2d01621f166e1444fe2d1c5 | Triage

Sharing

General

Target

0b5a20b572858537fea2198d72c8e3c0_JaffaCakes118
Size

311KB
Sample

241002-svzpsatdnq
MD5

0b5a20b572858537fea2198d72c8e3c0
SHA1

88e0819d4c5a1e59db1f301dfc50ed8dbf7e58db
SHA256

eda02edb131b5d7696de3f569972f3b77798d0c6c2d01621f166e1444fe2d1c5
SHA512

3291de63ad555a91ceacf0b026fab5371dec3033066105d8953950eb0f2ab74aeff6434f0639b7ce512d639b22e205ec1909ad6996b4b3d48ffa59dfb8d8bd11
SSDEEP

6144:DvYKlIGWSS5ux9s1RT5NQYdVKtj/A3M9QDIrE382Bf:DvYKKiGy9s1RVNPKp/A3YQD8EM2Bf

Score

5^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  0b5a20b572858537fea2198d72c8e3c0_JaffaCakes118
- Size
  
  311KB
- MD5
  
  0b5a20b572858537fea2198d72c8e3c0
- SHA1
  
  88e0819d4c5a1e59db1f301dfc50ed8dbf7e58db
- SHA256
  
  eda02edb131b5d7696de3f569972f3b77798d0c6c2d01621f166e1444fe2d1c5
- SHA512
  
  3291de63ad555a91ceacf0b026fab5371dec3033066105d8953950eb0f2ab74aeff6434f0639b7ce512d639b22e205ec1909ad6996b4b3d48ffa59dfb8d8bd11
- SSDEEP
  
  6144:DvYKlIGWSS5ux9s1RT5NQYdVKtj/A3M9QDIrE382Bf:DvYKKiGy9s1RVNPKp/A3YQD8EM2Bf
Score

5^/10

discovery persistence privilege_escalation
- Boot or Logon Autostart Execution: Authentication Package
  Suspicious Windows Authentication Registry Modification.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Authentication Package

Privilege Escalation

Boot or Logon Autostart Execution

Authentication Package

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceprivilege_escalation