General
-
Target
000d784e75c548af7e23d9e954f3ea52_JaffaCakes118
-
Size
512KB
-
Sample
240619-xk173sxbjc
-
MD5
000d784e75c548af7e23d9e954f3ea52
-
SHA1
873e9c80b01945551a75d4dc81a9ae293fe9f83a
-
SHA256
adf6e7b503d949a8d60c9109a1d655ed83c2180eca7060708a4d89a08b82aabb
-
SHA512
db897df7d786120f3b8408db68b2f8975228a5f5bb1d5ac919c248f23cf9f2c4cfb53ab84d65b09757ea21ba57af575fa92f107f48e06ebeb668064555e98861
-
SSDEEP
384:5yVlNjtU2e6VYOtfk9y5wS6BoIPTFsxl1rY/N2jfbGrYEj7Wo2VTTzE7bWg2E:MVlDty4wHBD6ZY/szGr7svE7bh
Static task
static1
Behavioral task
behavioral1
Sample
000d784e75c548af7e23d9e954f3ea52_JaffaCakes118.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
000d784e75c548af7e23d9e954f3ea52_JaffaCakes118.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
000d784e75c548af7e23d9e954f3ea52_JaffaCakes118
-
Size
512KB
-
MD5
000d784e75c548af7e23d9e954f3ea52
-
SHA1
873e9c80b01945551a75d4dc81a9ae293fe9f83a
-
SHA256
adf6e7b503d949a8d60c9109a1d655ed83c2180eca7060708a4d89a08b82aabb
-
SHA512
db897df7d786120f3b8408db68b2f8975228a5f5bb1d5ac919c248f23cf9f2c4cfb53ab84d65b09757ea21ba57af575fa92f107f48e06ebeb668064555e98861
-
SSDEEP
384:5yVlNjtU2e6VYOtfk9y5wS6BoIPTFsxl1rY/N2jfbGrYEj7Wo2VTTzE7bWg2E:MVlDty4wHBD6ZY/szGr7svE7bh
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1