937d320b3f2d5d9bbbd154d06183d85652d9995a200422de27f8aee4b2ee395e | Triage

Submit
Reports

Overview

overview

8

Static

static

3

1a60aa008b...18.exe

windows7-x64

8

1a60aa008b...18.exe

windows10-2004-x64

8

Sharing

General

Target

1a60aa008b7def0d62edce7f7206849a_JaffaCakes118
Size

15KB
Sample

240628-q8lnzawcjk
MD5

1a60aa008b7def0d62edce7f7206849a
SHA1

b276c90ced9abffbed462e347cdd5021315f625f
SHA256

937d320b3f2d5d9bbbd154d06183d85652d9995a200422de27f8aee4b2ee395e
SHA512

a36d8976d6dcaf70d581a91c3bca2ad66f939d9ca7c1f9aa48e603ec8d2e631dab16443135b0004a74376d8564d2d650a5210a209aa09f25648a522b635cf2ab
SSDEEP

384:IU76MjQKfH0VZ3zUn8JGdhSOaWB+lEk24s:oOfH0H9gdh0o+lEx

Score

8^/10

adware persistence privilege_escalation stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1a60aa008b7def0d62edce7f7206849a_JaffaCakes118.exe

Resource

win7-20240419-en

adware persistence privilege_escalation stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a60aa008b7def0d62edce7f7206849a_JaffaCakes118.exe

Resource

win10v2004-20240508-en

adware persistence privilege_escalation stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a60aa008b7def0d62edce7f7206849a_JaffaCakes118
- Size
  
  15KB
- MD5
  
  1a60aa008b7def0d62edce7f7206849a
- SHA1
  
  b276c90ced9abffbed462e347cdd5021315f625f
- SHA256
  
  937d320b3f2d5d9bbbd154d06183d85652d9995a200422de27f8aee4b2ee395e
- SHA512
  
  a36d8976d6dcaf70d581a91c3bca2ad66f939d9ca7c1f9aa48e603ec8d2e631dab16443135b0004a74376d8564d2d650a5210a209aa09f25648a522b635cf2ab
- SSDEEP
  
  384:IU76MjQKfH0VZ3zUn8JGdhSOaWB+lEk24s:oOfH0H9gdh0o+lEx
Score

8^/10

adware persistence privilege_escalation stealer
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Browser Extensions

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarepersistenceprivilege_escalationstealer

behavioral2

adwarepersistenceprivilege_escalationstealer

© 2018-2024

Terms | Privacy