General
-
Target
0003efed870e7075355ab3c138dd800a_JaffaCakes118
-
Size
23KB
-
Sample
240619-xcwmmawflb
-
MD5
0003efed870e7075355ab3c138dd800a
-
SHA1
5264a49a46ebf4468afe4c052a330e81e15e153c
-
SHA256
e0a0bbd18f891b0b4feea8aa98fc7150b1d56d2f6cb502eb1b93dd36a3e96930
-
SHA512
c6fec8b363082fefedcce236339acaf2913add6d6ca79efc4cf39e2dfca2c344f1f9d1b24c4e21b0b2481359f48329c3c6e5c253bf04a2beb9128629f4f1f256
-
SSDEEP
384:ldD9d6G4jS4wz+GEDfAYcKhumQViT8cjXS9zgN0AJTd9:lnL+7fZcZViT8sXSRgNtJX
Malware Config
Targets
-
-
Target
0003efed870e7075355ab3c138dd800a_JaffaCakes118
-
Size
23KB
-
MD5
0003efed870e7075355ab3c138dd800a
-
SHA1
5264a49a46ebf4468afe4c052a330e81e15e153c
-
SHA256
e0a0bbd18f891b0b4feea8aa98fc7150b1d56d2f6cb502eb1b93dd36a3e96930
-
SHA512
c6fec8b363082fefedcce236339acaf2913add6d6ca79efc4cf39e2dfca2c344f1f9d1b24c4e21b0b2481359f48329c3c6e5c253bf04a2beb9128629f4f1f256
-
SSDEEP
384:ldD9d6G4jS4wz+GEDfAYcKhumQViT8cjXS9zgN0AJTd9:lnL+7fZcZViT8sXSRgNtJX
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1