General
-
Target
0006ed8169623aba9a2a268ee05e8c0b_JaffaCakes118
-
Size
23KB
-
Sample
240619-xe5y3s1ejr
-
MD5
0006ed8169623aba9a2a268ee05e8c0b
-
SHA1
4aa3a301dee2021d44293383dcd6f4e5996b0a95
-
SHA256
20dd66904733617ac5789d33884b71166785680293c5e6e2f08f840faab7e7f3
-
SHA512
1bb47517c0e9cd84e62dc0bfd0c52f3c452dcf12e1a4ffe7f7ae5be5e5ee7e4a7e768c0b8498203eb99f92c07ce6f36a48f189ec5fdb02018dfcc5649b00c6c6
-
SSDEEP
384:RdD9d6G4nYwrMztnzvPKUumVXDdxjUSLzgZBUNUS3:ReDgZPZXDddrHgZ2NR
Malware Config
Targets
-
-
Target
0006ed8169623aba9a2a268ee05e8c0b_JaffaCakes118
-
Size
23KB
-
MD5
0006ed8169623aba9a2a268ee05e8c0b
-
SHA1
4aa3a301dee2021d44293383dcd6f4e5996b0a95
-
SHA256
20dd66904733617ac5789d33884b71166785680293c5e6e2f08f840faab7e7f3
-
SHA512
1bb47517c0e9cd84e62dc0bfd0c52f3c452dcf12e1a4ffe7f7ae5be5e5ee7e4a7e768c0b8498203eb99f92c07ce6f36a48f189ec5fdb02018dfcc5649b00c6c6
-
SSDEEP
384:RdD9d6G4nYwrMztnzvPKUumVXDdxjUSLzgZBUNUS3:ReDgZPZXDddrHgZ2NR
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1