General
-
Target
000b9ebec00f696da18de18b000c435e_JaffaCakes118
-
Size
23KB
-
Sample
240619-xjqpys1fnq
-
MD5
000b9ebec00f696da18de18b000c435e
-
SHA1
c6d47f56395d98087dc6b5a597f9023e31aaad05
-
SHA256
23aff30f61669e8aceee32d909caefd24673d4ab70f749e4b7660f7ee67d375c
-
SHA512
b5cf6944a28e9291f17076afe7af2ad02783b0a6b28a82f5eb950f79126c846c381f47b2099bcc62f9f414329acf4f84ba002bd151274b52684858c9491b87b3
-
SSDEEP
384:AidD9d6GAKuQBr7IrC4/OdjobS03j2o1IES0SzEN8gd0CXV:1Wy7ZGhTv1WENXWCl
Malware Config
Targets
-
-
Target
000b9ebec00f696da18de18b000c435e_JaffaCakes118
-
Size
23KB
-
MD5
000b9ebec00f696da18de18b000c435e
-
SHA1
c6d47f56395d98087dc6b5a597f9023e31aaad05
-
SHA256
23aff30f61669e8aceee32d909caefd24673d4ab70f749e4b7660f7ee67d375c
-
SHA512
b5cf6944a28e9291f17076afe7af2ad02783b0a6b28a82f5eb950f79126c846c381f47b2099bcc62f9f414329acf4f84ba002bd151274b52684858c9491b87b3
-
SSDEEP
384:AidD9d6GAKuQBr7IrC4/OdjobS03j2o1IES0SzEN8gd0CXV:1Wy7ZGhTv1WENXWCl
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1