11bd3ed51eea77303b0e81ae795d774ce952deb576a1d05f924c016a8e7e14a2 | Triage

Sharing

General

Target

JaffaCakes118_e2d1f35d670e15ce97b18b6c2f0aba94
Size

78KB
Sample

250120-lbgljasnan
MD5

e2d1f35d670e15ce97b18b6c2f0aba94
SHA1

c5361ffb0eafa6c09bcdcb50f2a029c9c87f3135
SHA256

11bd3ed51eea77303b0e81ae795d774ce952deb576a1d05f924c016a8e7e14a2
SHA512

c9370f449ead87a13d26f4984a24dd40f07fbb83873a4b4fa3ea4df4916d38118ee3ff0c11f97189bb38eeda01501a1d92664e8cdd03857b2fa210af00e4e257
SSDEEP

1536:nblKOjFa2zc525CrnrhyH/Gid0wYBH3uTpiSWqQ77VZUGliomJlIK:FjfGrhA+iSwYhkxQHA8iomJlIK

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  JaffaCakes118_e2d1f35d670e15ce97b18b6c2f0aba94
- Size
  
  78KB
- MD5
  
  e2d1f35d670e15ce97b18b6c2f0aba94
- SHA1
  
  c5361ffb0eafa6c09bcdcb50f2a029c9c87f3135
- SHA256
  
  11bd3ed51eea77303b0e81ae795d774ce952deb576a1d05f924c016a8e7e14a2
- SHA512
  
  c9370f449ead87a13d26f4984a24dd40f07fbb83873a4b4fa3ea4df4916d38118ee3ff0c11f97189bb38eeda01501a1d92664e8cdd03857b2fa210af00e4e257
- SSDEEP
  
  1536:nblKOjFa2zc525CrnrhyH/Gid0wYBH3uTpiSWqQ77VZUGliomJlIK:FjfGrhA+iSwYhkxQHA8iomJlIK
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceprivilege_escalation