General
-
Target
000dc2db2722375fd7446c143fc4ffb7_JaffaCakes118
-
Size
512KB
-
Sample
240619-xk6gss1gll
-
MD5
000dc2db2722375fd7446c143fc4ffb7
-
SHA1
9a2583662de852a5180af2a663544142382f8c2b
-
SHA256
6c6fff2cd1e6e1d9ee3ffbb508ebd2f1d74e6e4b18ca323455eb341878521163
-
SHA512
18427ce5a5ab9f79e5ee2ce847b9ff8a6e77b3cd8990746762f176482bb6b9b3428fd4a162d8a2a6961f1e819c50179ecbed96725fbf67dcee043e62b445464d
-
SSDEEP
384:gUOr5NKZ2VUI1KmPKDT4MywmtbdYSgnKEt11jVPFYIEZc4z0rOYYONKz:Ur5sWK0JdanhPVPFYIY0rIX
Static task
static1
Behavioral task
behavioral1
Sample
000dc2db2722375fd7446c143fc4ffb7_JaffaCakes118.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
000dc2db2722375fd7446c143fc4ffb7_JaffaCakes118.dll
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
000dc2db2722375fd7446c143fc4ffb7_JaffaCakes118
Score
10/10
-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
AppInit DLLs (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
AppInit DLLs (1)