c3ce83b231862167451915781f1c9c3e5f776ce6d0bf833d5222a11c68b89a3a | Triage

Sharing

General

Target

2fe27a7228cd9916c54f74466d45a84a_JaffaCakes118
Size

216KB
Sample

241009-m1rcpsseml
MD5

2fe27a7228cd9916c54f74466d45a84a
SHA1

262b9b1e6aefe9184f1dc3ede0d9f3fce343c4ea
SHA256

c3ce83b231862167451915781f1c9c3e5f776ce6d0bf833d5222a11c68b89a3a
SHA512

08a1c9ce7d81a25e737c681485d84d64bf3402be9092716d956d21ceb02d335b1df3b1311e3250faa3ebdd0c8380e6f28d0b6a261dd004c411a9370bf9de7257
SSDEEP

3072:0kqxP0eH76qHjnak+YYEIZH2ZUJ5s900IhR3cTV5E:0kqJQqHjavYRIBLsa0CRsZ

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  2fe27a7228cd9916c54f74466d45a84a_JaffaCakes118
- Size
  
  216KB
- MD5
  
  2fe27a7228cd9916c54f74466d45a84a
- SHA1
  
  262b9b1e6aefe9184f1dc3ede0d9f3fce343c4ea
- SHA256
  
  c3ce83b231862167451915781f1c9c3e5f776ce6d0bf833d5222a11c68b89a3a
- SHA512
  
  08a1c9ce7d81a25e737c681485d84d64bf3402be9092716d956d21ceb02d335b1df3b1311e3250faa3ebdd0c8380e6f28d0b6a261dd004c411a9370bf9de7257
- SSDEEP
  
  3072:0kqxP0eH76qHjnak+YYEIZH2ZUJ5s900IhR3cTV5E:0kqJQqHjavYRIBLsa0CRsZ
Score

7^/10

discovery persistence
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Print Processors

Privilege Escalation

Boot or Logon Autostart Execution

Print Processors

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence