d34668b995afb18bc4618b62a5ea8053b1eb54a1129dc2423df847af35551264 | Triage

Sharing

General

Target

JaffaCakes118_01b5b8762bcf9e5d0e29929fdf79804c
Size

865KB
Sample

250511-h9xtmagp9x
MD5

01b5b8762bcf9e5d0e29929fdf79804c
SHA1

c24ed627ef583f6c158f17fcaa3ce4952cb6ca8e
SHA256

d34668b995afb18bc4618b62a5ea8053b1eb54a1129dc2423df847af35551264
SHA512

39df631700da9c44532c0f407b50ab0d9560e1f5580268955a9470de20edcd739a7f433613f364a5628275957413cecadb22941785530bff52700d3d337b3ac8
SSDEEP

24576:+oJxfwKhOv7uxfiBIJ5OnW6jLdxez3tEYW:+o7fwX7HIJpKdxezdxW

Score

7^/10

defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_01b5b8762bcf9e5d0e29929fdf79804c
- Size
  
  865KB
- MD5
  
  01b5b8762bcf9e5d0e29929fdf79804c
- SHA1
  
  c24ed627ef583f6c158f17fcaa3ce4952cb6ca8e
- SHA256
  
  d34668b995afb18bc4618b62a5ea8053b1eb54a1129dc2423df847af35551264
- SHA512
  
  39df631700da9c44532c0f407b50ab0d9560e1f5580268955a9470de20edcd739a7f433613f364a5628275957413cecadb22941785530bff52700d3d337b3ac8
- SSDEEP
  
  24576:+oJxfwKhOv7uxfiBIJ5OnW6jLdxez3tEYW:+o7fwX7HIJpKdxezdxW
Score

7^/10

defense_evasion discovery persistence privilege_escalation trojan
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Checks whether UAC is enabled
  defense_evasion trojan
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalationtrojan

	
		OSZAR »