General
-
Target
000cd613b6d5fecbf516fd1c6ed053bf_JaffaCakes118
-
Size
516KB
-
Sample
240619-xklgma1frq
-
MD5
000cd613b6d5fecbf516fd1c6ed053bf
-
SHA1
cd9461f6705d40ff1f26a663240107bfe06ce1c8
-
SHA256
f3917940d647704060e24f86f18051b70b9ec442ef28f83080aeb68069ac38c8
-
SHA512
4831392bd40f9f3d6ea9c58e02295dc57653113c7f23d4d0fee687913f7611487b9a44eba74027f6188c17cf40c20addad09ff2bb3086da4b7f9b1eb30b5e938
-
SSDEEP
384:KdD9d6G4q6gkfkfD1bzU4jLfKwjabg3IJCkjCh/C7ESICBzgI2Rjc1kXMM:KaDf21HVLf3G5X6KVFgI6F
Static task
static1
Behavioral task
behavioral1
Sample
000cd613b6d5fecbf516fd1c6ed053bf_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
000cd613b6d5fecbf516fd1c6ed053bf_JaffaCakes118.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
000cd613b6d5fecbf516fd1c6ed053bf_JaffaCakes118
-
Size
516KB
-
MD5
000cd613b6d5fecbf516fd1c6ed053bf
-
SHA1
cd9461f6705d40ff1f26a663240107bfe06ce1c8
-
SHA256
f3917940d647704060e24f86f18051b70b9ec442ef28f83080aeb68069ac38c8
-
SHA512
4831392bd40f9f3d6ea9c58e02295dc57653113c7f23d4d0fee687913f7611487b9a44eba74027f6188c17cf40c20addad09ff2bb3086da4b7f9b1eb30b5e938
-
SSDEEP
384:KdD9d6G4q6gkfkfD1bzU4jLfKwjabg3IJCkjCh/C7ESICBzgI2Rjc1kXMM:KaDf21HVLf3G5X6KVFgI6F
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1