7d2a2be3656b0b6c21d5a8d021e034e7690d0781299179672f9d4b80a852d769 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

308daf7217beee0a6ba9fd0eab8faa42_JaffaCakes118
Size

178KB
Sample

241010-sqlblaxfmj
MD5

308daf7217beee0a6ba9fd0eab8faa42
SHA1

ebc98acb37aef5820c5e701011ffe610a561fed6
SHA256

7d2a2be3656b0b6c21d5a8d021e034e7690d0781299179672f9d4b80a852d769
SHA512

5bc457edf54dfdadc5671d14f8d6df7754fecda505480009a4b748569f649f6fbfc206dd3cadd8622d30e1f15333e96835eec9abb971e7b219ead1fb63236f4f
SSDEEP

3072:97B9kcuss1TrYHXtzVNho+opqRTj6dQ5TONpYzqF9or0/L9U9BR2RD4oXl+7WI:ZHuJrIforpqRCdQRYp45IzsmdV+R

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  muzyika__na_teplohode_muzyika_igraet.exe
- Size
  
  284KB
- MD5
  
  a9ffd82eab69124f800032d78ef61dee
- SHA1
  
  47d06f324d2512d8452768ae676a87ddf3bc743a
- SHA256
  
  fe8f7382181eda105f15b85f02e2b3643d81ebbdea878b3a1f963ba966f775d4
- SHA512
  
  da770da169c485574b8556ed2d1ae5d341cbf97fabfbda367e9fe8877b91e6df12bd0866f66f981effb98a00ba3133d82ca00467b16019c37d63bd1ee0b9c219
- SSDEEP
  
  6144:a5+2BxAWURf/8o/68i62dsbh/x205t4DiI27zzl7FbSbGqJ:aE5WURf/8oCP62WJ205t4DX8zzl7FbS
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2